Trusted computing

ABSTRACT

A trusted computing device (TCD) includes an isolated environment, host interface, secure interface, and program instructions. The environment includes an isolated environment processor (IEP), memory (secure and non-secure partition), and an auxiliary processor (AP). Memory and AP are connected for data communication with the IEP, and communicate with a host only through the IEP. The host interface and each secure interface are connected for data communication with the IEP. The instructions provision TCD for cryptographic operations via a secure interface; present a first file system partition comprising a write file and a read file with file creation/deletion privileges allocated only to the IEP at the host interface via the IEP; present a non-secured file system partition with access to the non-secure partition via the host interface via the IEP; receive, via the write file, requests to perform trusted computing; perform requested computing using the IEP, secure memory, and AP; and write results to the read file.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/389,436, filed Dec. 22, 2016, which is a continuation of U.S. patentapplication Ser. No. 14/587,551, now U.S. Pat. No. 9,569,638 and filedDec. 31, 2014, the disclosures of which are incorporated herein byreference in their entireties.

FIELD

The present disclosure relates to trusted computing, securing privateuser information, such as securing user information for host computerinteractions, securing communications between users, and establishing asecure system event log to manage event log entries associated with thehost computer.

BACKGROUND

Due to a number of factors outside the control of computer users andmanufactures, conventional computer systems—including mobile computingsystems—are notoriously hostile to private data ownership. For example,any computing device connected to a network may possess vulnerabilitiesthat allow unauthorized individuals to gain access to a user's privateinformation. An unauthorized individual, for example, may exploit acomputer system's vulnerabilities to steal, change, or destroyinformation, often by installing dangerous malware without the owner'sknowledge. The computer's owner is then at risk for a variety ofdishonest activities, including identity theft and financial loss.Likewise, if an unauthorized individual accesses a user's mobile device,the unauthorized individual may intercept communications of the user.The unauthorized individual can then use the content of the interceptedconversations—without the user's knowledge—to defraud the user orothers.

In some instances, an unauthorized individual may attempt to removeevidence of the unauthorized individual's intrusion. For example, if theunauthorized individual has installed malware on a user's computingsystem, a system event log associated with the user's computer systemmay create an event log entry for the installation. A savvy,unauthorized individual, however, may be able to delete or alter thesystem event log entry associated with the user's computer system, thusremoving evidence of the unauthorized individual's intrusion. Hence, insome instances, the unauthorized individual covers his or her tracks sothat even sophisticated users remain unaware of the unauthorizedindividual's intrusion. As such, and because of the severalvulnerabilities associated with conventional computing systems,conventional computing systems are generally viewed as hostile anduntrustworthy hosts of a user's private information.

SUMMARY

In certain example aspects described herein, a trusted computing deviceis provided. For example, in some embodiments, a trusted computingdevice is a microSD form factor device that includes an isolatedenvironment, a microSD host interface, a secure interface, a computerprogram product for trusted computing, and optional out-of-bandcommunications channels that bypass the host system. The isolatedenvironment includes an isolated environment processor, memory, and anauxiliary processor.

The memory is either entirely allocated to a secure partition, ordivided into a secure partition and a non-secure partition, and isconnected for data communication with the isolated environmentprocessor. The auxiliary processor is connected for data communicationsto the isolated environment processor and the memory. Both of the memoryand the auxiliary processor are in data communication with a host onlythrough the isolated environment processor. Both the host interface andthe secure interface are connected for data communication to theisolated environment processor.

The computer program product includes non-transitory computer-readablemedia having computer-executable program instructions embodied thereon.The instructions, when executed by the trusted computing device, causethe trusted computing device to perform trusted computing. In particularthe computer program product includes program instructions to provisionthe trusted computing device for cryptographic operations via the secureinterface. Additional program instructions cause the trusted computingdevice to present a first File Allocation Table (FAT) file systempartition at the host interface via the isolated environment processor.The first FAT file system partition includes a host write file and ahost read file. If not configured for secure partition only, furtherprogram instructions cause the trusted computing device to present annon-secured second FAT file system partition with access to the memorynon-secured partition at the host interface via the isolated environmentprocessor.

Program instructions of the trusted computing device computer programproduct cause the trusted computing device to receive, via the hostwrite file, requests to perform trusted computing in the isolatedenvironment. The trusted computing includes one or more of: randomnumber generation, append-only logging, monotonic counting, streamingencryption and decryption, bulk encryption and decryption, access tocryptographic primitives, and isolated storage. Further programinstructions cause the trusted computing device to perform the requestedtrusted computing using at least one of the isolated environmentprocessor, the memory secure partition and the auxiliary processor, andthen write the trusted computing results to the host read file.

In certain example aspects described herein, a computer-implementedmethod for secure host interaction is provided. For example, a trustedcomputing device that is associated with a host computing devicereceives restricted information. The trusted computing device ispreconfigured, for example, to include an isolated environment and ahost interface, the host interface including a write file and a readfile. The isolated environment, for example, is not directly accessibleto the host computing device. The trusted computing device stores thereceived restricted information, for example, in a secure storage of theisolated environment.

After receiving the restricted information, the write file of thetrusted computing device receives a write-file entry from the hostcomputing device. The write file entry, for example, includes anindication of the restricted information that is responsive to thewrite-file entry. The trusted computing device then processes thewrite-file entry in the isolated environment of the trusted computingdevice. To process the write-file entry, the trusted computing deviceidentifies—based on the indication of the restricted information that isresponsive to the write-file entry—at least a portion of the restrictedinformation that is responsive to the write-file entry. The trustedcomputing device then generates an output, such as a secure output, tothe read file of the trusted computing device. The generated output,such as a generated secure output, is then available to the hostcomputing device in the read file of the trusted computing device.

In certain example aspects described herein, also provided is a methodfor secure communication, such as communication between two or more hostcomputing devices. For example, a first trusted computing deviceassociated with a first host computing device receives a firstcommunication from a first user. A secure interface receives the firstcommunication, the first secure interface being isolated from a hostinterface of the first trusted computing device. For example, the secureinterface is associated with an isolated environment that isolates thesecure interface.

After receiving the first communication, the first trusted computingdevice encrypts the first communication in the first isolatedenvironment of the first trusted computing device. The first isolatedenvironment, for example, is not directly accessible to the first hostdevice. The first trusted computing device then transmits the encryptedfirst communication to a first read file of the host interface of thefirst trusted computing device. The encrypted first communication isthen available to the first host computing device in the first read fileof the first trusted computing device. The first host computing devicethen transmits the encrypted first communication to a second hostcomputing device, the second host computing device being separate fromthe first host computing device.

Following transmission of the encrypted first communication to thesecond host computing device, a second trusted computing deviceassociated with the second host computing device receives the encryptedfirst communication. The second host computing device, for example,transmits the encrypted first communication to the second trustedcomputing device associated with the second host computing device, and awrite file of a host interface of the second trusted computing devicereceives the encrypted first communication. The second trusted computingdevice decrypts the encrypted first communication of the first user in asecond isolated environment of the second trusted computing device, thesecond isolated environment being not directly accessible to the secondhost device.

After decrypting the encrypted first communication, the second trustedcomputing device transmits the decrypted first communication to a seconduser. For example, the second trusted computing device transmits thedecrypted first communication to the second user via a second secureinterface of the second trusted computing device, the second secureinterface being isolated from the host interface of the second trustedcomputing device. The second user then receives the decrypted firstcommunication.

In certain example aspects described herein, also provided is a methodfor secure event log management. For example, a trusted computing deviceassociated with a host computing device receives a write-file entry intoa write file of a host computing device interface of the trustedcomputing device. In response to receiving the write-file entry, thetrusted computing device determines log data associated with thewrite-file entry. Based on the determined log data, the trustedcomputing device establishes—in an isolated environment of the trustedcomputing device that is not directly accessible to the host computingdevice an event log entry. The trusted computing device then records theevent log entry in a secure storage of the isolated environment. If anauthorized user requests access to the event log entry, for example, thetrusted computing device provides the event log entry to the user,either via a secure interface or via a read file of the trustedcomputing device.

In certain example aspects described herein, before generating an outputto the read file, such as an encrypted communication, an event logentry, or other output such as a secure output, the trusted computingdevice transmits a request to the user via a secure interface of thetrusted computing device to authorize processing of the write-fileentry. In response to the request for the user to authorize theprocessing of the write-file entry, the trusted computing devicereceives a user input into the secure interface of the trusted computingdevice. The user input, for example, operates as an authorization forthe trusted computing device to process the write-file entry. Thetrusted computing device thus processes the write-file entry.

These and other aspects, objects, features, and advantages of theexample embodiments will become apparent to those having ordinary skillin the art upon consideration of the following detailed description ofillustrated example embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting a system 100 for secure storage andmanagement of restricted information, in accordance with certain exampleembodiments.

FIG. 2 is a block diagram depicting a trusted computing device, inaccordance with certain example embodiments.

FIG. 3 is a block diagram depicting a system for trusted computing, inaccordance with certain example embodiments.

FIG. 4 is a block flow diagram depicting a method for secure hostinteraction via an isolated environment, in accordance with certainexample embodiments.

FIG. 5 is a block flow diagram depicting a method for processing awrite-file entry from an untrusted host device, in accordance withcertain example embodiments.

FIG. 6 is a block flow diagram depicting a method for authorizingtransmission of an output to a read file of the trusted device, inaccordance with certain example embodiments, in accordance with certainexample embodiments.

FIG. 7 is a block diagram depicting a system for secure communicationsbetween two or more host computing devices, in accordance with certainexample embodiments.

FIG. 8 is a block flow diagram depicting a method for securecommunication between untrusted host devices, in accordance with certainexample embodiments.

FIG. 9 is a block flow diagram depicting a method for receiving anencrypted communication via a second trusted device, in accordance withcertain example embodiments.

FIG. 10 is a block flow diagram depicting a method for secure event logmanagement, in accordance with certain example embodiments.

FIG. 11 is a block flow diagram depicting parallel methods forcommunicating an event log entry to an authorized user, in accordancewith certain example embodiments.

FIG. 12 is a block diagram depicting a computing machine and a module,in accordance with certain example embodiments.

DETAILED DESCRIPTION Overview

As disclosed herein, a trusted device secures information in an isolatedenvironment, thus isolating the information from an untrusted hostdevice associated with the trusted computing device. For example, thetrusted computing device stores restricted information, such as privateuser information, cryptographic data, or event log entries of the host,in a secure storage of the isolated environment. An isolated environmentprocessor in the isolated environment then allows the trusted computingdevice to function as a gatekeeper of the private information. Forexample, the trusted computing device receives a request pertaining tothe restricted information and generates a secure output that isavailable to the host device for additional processing. In certainexamples, the trusted computing device encrypts user communicationsusing the stored restricted information. A second trusted device thendecrypts the communication using similarly stored restricted informationand provides the communication to a second user. In other examples, thetrusted device stores event log entries in a secure storage of thetrusted device so that the log entries cannot be modified. The trusteddevice then provides the event log entries to an authorized user.

In some embodiments, the trusted computing device is a microSD formfactor device that includes an isolated environment, a microSD hostinterface, a secure interface, and a computer program product fortrusted computing. The isolated environment includes an isolatedenvironment processor, memory, and an auxiliary processor.

The memory is divided into a secure partition and a non-securepartition, and is connected for data communication with the isolatedenvironment processor. The auxiliary processor is connected for datacommunications to the isolated environment processor and the memory.Both of the memory and the auxiliary processor are in data communicationwith a host only through the isolated environment processor. Both thehost interface and the secure interface are connected for datacommunication to the isolated environment processor.

The computer program product includes non-transitory computer-readablemedia having computer-executable program instructions embodied thereon.The instructions, when executed by the trusted computing device, causethe trusted computing device to perform trusted computing. In particularthe computer program product includes instructions to provision thetrusted computing device for cryptographic operations via the secureinterface. Additional program instructions cause the trusted computingdevice to present a first File Allocation Table (FAT) file systempartition at the host interface via the isolated environment processor.The first FAT file system partition includes a host write file and ahost read-only file. Further program instructions cause the trustedcomputing device to present an non-secured second FAT file systempartition with access to the memory non-secured partition at the hostinterface via the isolated environment processor.

Program instructions of the trusted computing device computer programproduct cause the trusted computing device to receive, via the hostwrite file, requests to perform trusted computing in the isolatedenvironment. The trusted computing includes one or more of: randomnumber generation, append-only logging, monotonic counting, streamingencryption and decryption, bulk encryption and decryption, access tocryptographic primitives, and isolated storage. Further programinstructions cause the trusted computing device to perform the requestedtrusted computing using at least one of the isolated environmentprocessor, the memory secure partition and the auxiliary processor, andthen write the trusted computing results to the host read file.

Also disclosed are systems and methods for using the trusted device. Incertain examples, the trusted device receives restricted informationfrom a trusted source, such as a trusted second-party computing system.The restricted information can be any type of private information, suchas confidential information of the user, confidential information of thesecond-party computing system, and/or cryptographic data needed toencrypt/decrypt confidential data transmissions. A user's bank, forexample, may provision the trusted device by installing the user'sprivate banking account information on the trusted device via the secureinterface of the trusted device. The bank may also transmitcryptographic data to the trusted device via the secure interface. Thetrusted device receives the restricted information, such as the user'sbank account information and cryptographic data, and stores therestricted information in a secure storage of the trusted device.

After the second-party computing system provisions the trusted device,for example, the user connects the trusted device to an untrusted hostdevice, such as the user's home computer or mobile phone. The trusteddevice and the untrusted host can then interact to utilize therestricted information on the trusted device without disclosing therestricted information to the untrusted host. For example, the user mayuse the untrusted host device and the trusted device to complete afinancial transaction, such as a money transfer or withdrawal using theuser's bank account information. The untrusted host device, for example,may communicate the amount of the money transfer to the write-file ofthe trusted device, along with a request to complete the transaction.The isolated environment receives the write-file entry, which includesthe transfer amount and the transfer request.

Once the isolated environment of the trusted device receives thewrite-file entry, an isolated processor within the isolated environmentprocesses the write-file entry, such as by reading the content of thewrite-file entry and identifying restricted information that isresponsive to the content of the write-file entry. For example, if therestricted information includes banking information of the user, thetrusted device may use the banking information to process the moneytransfer or withdrawal. The isolated processer, for example, canretrieve the user's private financial account information from thesecure storage of the trusted device and generate an output to theread-file authorizing the money transfer—all in the isolatedenvironment. The isolated environment, for example, is not directlyaccessible to the host device. Instead, the host device indirectlyaccesses the isolated environment through a host interface that includesa read file and a write file. In certain examples, before generating theoutput the trusted computing device can secure the output, such as byusing any previously receives cryptographic data. The secure output mayinclude, for example, the encrypted account information of the user andan encrypted transfer authorization.

After transmission of the secure output to the read file of the trusteddevice, the untrusted host device can retrieve the secure output andcomplete any further processing related to the secure output. Forexample, if the secure output includes encrypted account information ofthe user and an encrypted transfer authorization, the untrusted mayretrieve the secure output from the read file of the trusted device. Theuntrusted host device can then process the secure output by routing thesecure output to a communication application, which then transmits tothe secure output to the user's bank. The bank can then decrypt thesecure output and thereafter complete the money transfer or withdrawalfor the user.

In certain examples, two or more trusted devices may be used to providesecure communications between multiple users. For example, the trusteddevice may be attached to or integrated into a user headset that isconnected to an untrusted host device, such as the user's phone. Twousers can pair the two trusted devices of the headsets together, so thateach trusted device of the pair receives corresponding cryptographicdata. Each trusted computer device can then store the cryptographicdata, such as corresponding crypto keys, in the secure storage of thetrusted device. Additionally or alternatively, in certain examples asecond-party computing system may provision the trusted devices with thecryptographic data by providing the cryptographic data to the trusteddevice pair via the secure interface of each trusted device.

Once two devices are paired, for example, a first user in one locationcan securely communicate with a second user in a different location. Forexample, the first user provides a communication into the secureinterface of the trusted device, such as by speaking into a microphoneof a headset associated with the trusted device. The isolatedenvironment then receives the user's communication via the secureinterface. A processor in the isolated environment encrypts thecommunication, and then transmits the communication, as a secure output,to the read file of the trusted device. An untrusted host deviceassociated with the trusted device, such as the first user's mobilephone, can then receive the encrypted communication from the read fileof the trusted device. For example, if the trusted device is attached toor integrated into a headset, the headset may wirelessly transmit theencrypted communication to the first user's mobile phone (the untrusteddevice in this example). The first user's mobile phone can then transmitthe encrypted communication to a second untrusted host device, such as amobile phone of the second user, via a network.

After receiving the encrypted communication, the second untrusted hostdevice writes the encrypted communication to the write file of a secondtrusted device associated with a second user. For example, the seconduser's mobile device may receive the encrypted communication via anetwork and then wirelessly transmit the encrypted communication to thewrite file of a second trusted device that is attached to or integratedinto a headset of the second user. The isolated environment receives theencrypted communication from the write file, and an isolated processorwithin the isolated environment decrypts the encrypted communication.For example, the processor retrieves the cryptographic data from thesecure storage of the isolated environment and then relies on thecryptographic data to decrypt the communication. The trusted device thenprovides the decrypted communication to the second user via a secureinterface of the second trusted device. For example, the second trusteddevice provides the decrypted communication directly to the user viaspeaker that is connected to the secure interface of the second trusteddevice. The second user then receives the decrypted communication.During such communications, at no time is the decrypted communication,or cryptographic keying material, accessible to an untrusted hostdevice.

In certain examples, such as in a two-way or bidirectional communicationbetween two users, the second user may provide a secure communication tothe first user by reversing the secure communication method describedherein. For example, the second user may speak into a microphone that isassociated with the secure interface of the second trusted device. Thesecond trusted device receives the communication via the secureinterface, and a processor of the isolated environment encrypts thecommunication of the second user. The processor then transmits theencrypted communication to a read file of the second trusted device. Thesecond user's mobile phone, as the untrusted host device, receives theencrypted communication and transmits the encrypted communication to thefirst untrusted host device, such as the mobile phone of the first user.The first untrusted host device transmits the encrypted communication toa write file of the untrusted host device associated with the firstuntrusted host, and a processor in the isolated environment decrypts thecommunication using the cryptographic data. The trusted device thenprovides the decrypted communication from the second user to the firstuser via the secure interface of the first trusted device.

In addition to the above methods and systems, also provided herein is amethod and system for establishing a secure system log. For example, auser may wish to use the trusted device to record system log evententries of the user's host device, such as attempts to access and/or usethe user's device. Additionally or alternatively, the user may wish touse the trusted device to record attempts by others to access and/or usethe restricted information. As such, the user may authorize the trusteddevice to monitor and record activity associated with the trusteddevice, such as by connecting the trusted device to the user's computingdevice.

Once connected to the host device, the trusted device can securelyreceive and store system log event entries in the secure storage of theisolated environment of the trusted device. For example, every time thehost device transmits a request to a write file of the trusted device,the isolated processor of the trusted device determines log data for thewrite-file entry. The processor then records an event log entry for thewrite-file entry in the secure storage of the trusted device.

After the log data is recorded in the secure storage of the isolatedenvironment, an untrusted host device cannot access, tamper with,delete, or otherwise alter the stored log data. An attacker, forexample, cannot access the stored log data via the untrusted host—or thetrusted device—as an attacker would not be authorized to access thesecure interface of the trusted device. Instead, only an authorized usercan access the stored log data. For example, the user may request theevent log entry via the secure interface of the trusted device. Thetrusted device then provides the event log entry to the user via thesecure interface, and the user receives the event log entry via thesecure interface. Yet at no point is an attacker, or authorized user,permitted to modify or otherwise alter the log data recorded to securestorage.

Additionally or alternatively, the user may receive the event log entryusing a different host device. For example, the user may remove thetrusted device from the host device, and then connect the trusted deviceto a different host device. The user can then request the event logentry from the trusted device, such as by directing the second hostdevice to create a write-file entry requesting the event log entry. Thetrusted computing device receives the request, and then processes therequest to generate an output in a read file of the trusted computingdevice—the output including the event log entry. The second host devicethen receives the output from the read file, and provides the output tothe user. The user then vies the output and hence the event loginformation, such as via a user interface of the second host device.

In certain examples, the methods and systems described herein may relyon a user input into the trusted computer device, such as a “proof oflife” and/or identity confirmation, before processing the restrictedinformation and/or transmitting the secure output to the read file. Forexample, before transmitting the secure output to the read file of thetrusted device, the trusted device may notify the user that a user inputis needed, such as by providing a blinking light, chime, or othercommunication to the user. The user can then respond to the user inputrequest from the trusted device via the secure interface of the trusteddevice, such as by touching a secure sensor associated with the secureinterface of the trusted device.

Additionally or alternatively, the user may provide a user security codeto the trusted device via the secure interface, such as by directlyinputting the code into the body of the trusted device and/or into aseparate computing device that is securely connected to the trusteddevice via the secure interface. For example, the trusted device mayrequire such “proof of life” and/or identity confirmation of the userbefore transmitting an encrypted money transfer or withdrawalauthorization to the read file of the trusted device. Additionally oralternatively, the trusted device may require such “proof of life”and/or identity confirmation before providing access through the secureinterface. In certain examples, such “proof of life” and/or identityconfirmation may be required before information is communicated througha secure interface. For example, the trusted device may require “proofof life” and/or identity confirmation before transmitting secureinformation to a user via the secure interface, such as beforetransmitting system log event entries from the secure storage to a user.

By securing private information in an isolated environment that is notdirectly accessible to an untrusted host device, the devices, systems,and methods described herein protect users from the vulnerabilitiesassociated with the user's computing devices. For example, the devices,systems, and methods described herein allow a user to securely userestricted information to complete activities—such as money transfers,withdrawals, or other banking activities—that would otherwise expose theuser's restricted information to an untrusted (and non-secure) hostcomputing device. The devices, systems, and method described herein alsoallow users to privately communicate without ever exposing the contentof their communications to an untrusted (and non-secure) host computingdevice. Further, by providing a method for secure event log management,the devices, systems, and methods described herein prevent hackers orothers with a malicious intent from covering their tracks.

Example System Architectures

Turning now to the drawings, in which like numerals indicate like (butnot necessarily identical) elements throughout the figures, exampleembodiments are described in detail.

FIG. 1 is a block diagram depicting a system 100 for secure storage andmanagement of restricted information, in accordance with certain exampleembodiments.

As depicted in FIG. 1, the system 100 includes network computing devices110 and 120 that are configured to communicate with one another via oneor more networks 105. In some embodiments, a user 101 associated with adevice must install an application and/or make a feature selection toobtain the benefits of the techniques described herein. For example, auser 101 may choose to install, turn on, or otherwise activate a serviceon the on the untrusted host computing device 110, and installapplication programming interface (API) code on the host computingdevice 110 to allow the host computing device 110 to use the trustedcomputing device 130.

In certain example embodiments, the network 105 can include a local areanetwork (“LAN”), a wide area network (“WAN”), an intranet, an Internet,storage area network (“SAN”), personal area network (“PAN”), ametropolitan area network (“MAN”), a wireless local area network(“WLAN”), a virtual private network (“VPN”), a cellular or other mobilecommunication network, Bluetooth, Bluetooth low energy, near fieldcommunication (“NFC”), Wi-Fi, or any combination thereof or any otherappropriate architecture or system that facilitates the communication ofsignals, data, and/or messages. Throughout the discussion of exampleembodiments herein, it should be understood that the terms “data” and“information” are used interchangeably herein to refer to text, images,audio, video, or any other form of information that can exist in acomputer-based environment.

Each network computing device 110 and 120 includes a device having acommunication module capable of transmitting and receiving data over thenetwork 105. For example, each network computing device 110 and 120 caninclude a server, desktop computer, laptop computer, tablet computer, atelevision with one or more processors embedded therein and/or coupledthereto, smart phone, handheld computer, personal digital assistant(“PDA”), or any other wired or wireless, processor-driven device. In theexample embodiment depicted in FIG. 1, the network computing devices 110and 120 are operated by users 101, host computing device 110systemoperators (not shown), or second-party computing system operators 120,respectively.

The user 101 can employ a communication application 111, such as a webbrowser application (not shown) or a stand-alone application, to view,download, upload, or otherwise access documents or web pages via adistributed network 105. The communication application 111 of the hostcomputing device 110 can interact with web servers or other computingdevices connected to the network 105. For example, the communicationapplication 111 can interact with the second-party computing system 120.In certain example embodiments, the communication application may alsointeract with the trusted computing device 130, such as via theauxiliary interface 113 of the host computing device 110.

In addition to the communication application 111, the host computingdevice 110 (or “host device”) may include a variety of host applications112, such as an email application, text messaging application, contactsapplication, or other applications. For example, the host applications113 may include an application that the user 101 downloads and installsfrom the user's financial institution, such as an application from theuser's bank. The user 101 can then use the banking application, alongwith the trusted computing device 130 (or “trusted device”), to conductfinancial interacts with the user's financial institution as describedherein. In certain example embodiments, the host applications 112 mayinclude a digital wallet application. The digital wallet application mayencompass any application, hardware, software, or process the user 101of the host device 110 may employ to assist the user 101 in completing apurchase transaction.

The host device 110 also includes an auxiliary interface 113, whichincludes one or more ports for connecting the host device 110 to otherdevices, such as the trusted computing device. In certain exampleembodiments, the auxiliary interface 113 may include a wirelessinterface for connecting the host device 110 to other devices. Forexample, the auxiliary interface 113 may allow connections to otherdevices, such as the trusted computing device, via Bluetooth, Bluetoothlow energy, near field communication (“NFC”), Wi-Fi, or any combinationthereof.

The host device 110 also includes a data storage unit 114 that isaccessible by the communication application 111 or other hostapplications 112 of the host device 110. The example data storage unit114 can include one or more tangible computer-readable media. The datastorage unit 114 can be stored on the user computing device 110 or canbe logically coupled to the user computing device 110. For example, thedata storage unit 114 can include on-board flash memory and/or one ormore removable memory cards or removable flash memory.

The second-party computing system 120 (or “second-party system”)includes a server 121. The server 121, for example, may represent thecomputer-implemented system that the second-party computing system 120employs to provision the trusted device 130, such as described herein.For example, the server 121 may communicate restricted information tothe trusted device 130 via a trusted device interface 123 of thesecond-party system 120 and via a secure interface 137 of the trusteddevice 130. The trusted device interface 123, for example, represents atrusted port or other trusted connection to the second-party computingsystem 120. For example, the trusted device interface 123 of thesecond-party system 120 may include small computer system interface(“SCSI”), serial-attached SCSI (“SAS”), fiber channel, peripheralcomponent interconnect (“PCI”), PCI express (PCIe), serial bus, parallelbus, advanced technology attached (“ATA”), serial ATA (“SATA”),universal serial bus (“USB”), Thunderbolt, FireWire, or other connectionport.

In certain example embodiments, the second-party system 120 includes aweb site 122. The website 122, for example, may allow the user 101 tointeract with the second-party system 120. For example, if thesecond-party system 120 operates as the user's financial institution,the website may allow the user 101 to access financial accounts of theuser 101. The website 122 may also provide the user 101 withapplications the user 101 can download to the host device 110 of theuser 101, such as a banking application and/or digital walletapplication affiliated with the second-party system 120.

The second-party system 120 also includes a data storage unit 124. Incertain example embodiments, the data storage unit 124 may store privateand confidential information associated with a user 101, as describedherein. For example, if the second-party system 120 operates as theuser's financial institution, the data storage unit 124 may includefinancial account information of the user 101, such as a checkingaccount number, a savings account number, and/or a credit card number ofthe user 101.

In certain example embodiments, the data storage unit 124 may includecryptographic data, as described herein. For example, the second-partydevice 120 may provision the trusted device 130 to include correspondingcryptographic data for encrypting/decrypting communications. In suchembodiments, the data storage unit 124 may store compatiblecryptographic data for use in decrypting encrypted communicationreceived from the trusted device 130 via the host device 110, asdescribed herein. The server 121, for example, may process the receivedencrypted communication, such as by retrieving cryptographic data fromthe data storage unit 124 and applying the cryptographic data to theencrypted communication.

The exemplary data storage unit 124 of the second-party system 120 caninclude one or more tangible computer-readable media. The data storageunit 124 can be integrated into the second-party system 120 or can belogically coupled to the second-party system 120. For example, the datastorage unit 124 can include on-board flash memory and/or one or moreremovable memory cards or removable flash memory.

The trusted device 130 includes a host interface 132, such as a port,for interacting with the host device 130. The host interface 132 of thetrusted device 130 also includes a write file 133, which operates toreceive data from the host device via the host interface 132. The hostinterface 132 of the trusted computing device 130 also includes anisolated environment 138. The isolated environment 138, for example,includes various components of the trusted device 130 that are notdirectly accessible to the host device 110. Instead, as describedherein, the host device 110 interacts with the components of theisolated environment through the write file 133 and the read file 134.The isolated environment 138 includes, for example, an isolatedprocessor 135 and a secure storage 136. The isolated processor 135, forexample, represents the component of the trusted devices 130 thatprocesses write-file entries from the host device 110 or data receivedvia a secure interface 137 of the trusted device 130, as describedherein. The secure storage 136, for example, operates to receive andstore restricted information, as described herein, such as confidentialor private user information, cryptographic data, and/or or secure eventlog entries. The secure storage 136 also stores computer executableprogram instructions for execution on the trusted device 130. In someembodiments, the secure interface 137 of the trusted device 130represents a secure portal into the isolated environment 130 of thetrusted device 130, such as for receiving restricted information, asdescribed herein. The host interface 132 of the trusted device 130 alsoincludes a read file 134. The read file 134, for example, operates toreceive outputs from the isolated environment 138, such as from theisolated processor 135, as described herein. The host device 110 canthen receive the output from the read file 134 via the host interface132 and the auxiliary interface 113 of the host device 110. The detailsof the trusted device 130 are described herein below with reference toFIGS. 2 and 3.

Referring to FIG. 2, and continuing to refer to FIG. 1 for context, ablock diagram depicting a trusted computing device 130 in accordancewith certain example embodiments is shown. In the embodiments depictedby FIG. 2, a trusted computing device 130 includes an isolatedenvironment 138, a host interface 132, zero or more secure interfaces137, and a computer program product 139 that is distributed across thecomponents of the trusted device 130.

The isolated environment 138 includes an isolated environment processor135, zero or more auxiliary processors 135 a, and memory 136. The memory136 is connected for data communication with the isolated environmentprocessor 135. In some embodiments, the memory 136 includes both asecure partition and at least one non-secure partition. In someembodiments, the memory 136 includes at least 512 MB of nonvolatileflash memory.

Each auxiliary processor 135 a is connected for data communication withthe isolated environment processor 135 and the memory 136. While thedata communication connection between an auxiliary processor 135 a andthe memory 136 as shown in FIG. 2 is via the isolated environmentprocessor 135, a direct connection or a bus can serve to connecting theisolated environment processor 135, the auxiliary processor 135 a, andthe memory 136.

Each auxiliary processor 135 a and the memory 136 communicate with thehost outside the isolated environment 138 only through the isolatedenvironment processor 135. Each secure interface 137 and the hostinterface 132 are in data communication with the isolated environmentprocessor 135.

The computer program product 139 includes non-transitorycomputer-readable media having computer-executable program instructionsembodied thereon. When executed by the trusted computing device 130, theprogram instructions cause the trusted computing device 130 to perform avariety of trusted computing operations. In embodiments that include asecure interface 137, the program instructions cause the trustedcomputing device 130 to provision itself, such as for cryptographicoperations, in cooperation with an external device via the secureinterface 137. In some embodiments that do not include a secureinterface 137 in production models, the trusted device manufacturerprovisions the trusted device 130 using an interface not exposed in theproduction model. In some embodiments, while trusted device 130provisioning can be performed via a secure interface 137, provisionedinformation (such as cryptographic keys) cannot be read from theisolated environment 138.

Using the program instructions of the computer program product 139, thetrusted device 130 presents a first file system partition via the hostinterface 132 from the isolated environment processor 135. The firstfile system partition comprises a host read file 134 and a host writefile 133. In some embodiments, the first file system partition ischaracterized by file creation and file deletion privileges allocatedonly to the isolated environment processor 135, and the read file 134 isread-only with respect to a host 110.

In embodiments where the memory 136 includes a non-secure partition, theprogram instructions, when executed by the trusted device 130, present anon-secured second file system partition with access to the memory 136non-secure partition at the host interface 132 via the isolatedenvironment processor 135.

Using the program instructions of the computer program product 139, theisolated environment 138 receives requests to perform trusted computingin the isolated environment 138 via the write file 133. The trustedcomputing operations performed by the trusted device 130 include one ormore of: random number generation, append-only logging, monotoniccounting, streaming encryption and decryption, bulk encryption anddecryption, secure storage, and sealed storage, access to cryptographicprimitives, and other operations described elsewhere herein. Under thecontrol of the program instructions of the computer program product 139,the isolated environment 138 performs the requested trusted computingoperations using at least one of the isolated environment processor 135,the memory 136 secure partition, and any present auxiliary processors135 a. The isolated environment processor 135, executing programinstructions of the computer program product 139, writes the results ofthe trusted computing performed in the isolated environment 138 to thehost read file 134.

The isolated environment processor 135, can be one of manymicroprocessors or microcontrollers suitable to provide separableinterfaces to 1) an untrusted host 110 via the host interface 132, 2)zero or more trusted secure external devices via the zero or more secureinterfaces 137, and 3) elements of the isolated environment 130. In someembodiments, the isolated environment processor 135 is a low powermicro-controller such as the ARM M3, M4 whereas in other embodiments theprocessor may be a full featured application processor such as Intel'sPENTIUM™ or similar. A substantial portion of the program instructions,such as provisioning the trusted device 130, reading input from the hostwrite file 134, performing less time-sensitive trusted operations suchas bulk encryption/decryption, and writing results to the host read file133, are performed by the isolated environment processor 135 in someembodiments. In some embodiments, one or both of the host interface 132and each secure interface 137 are integrated into the isolatedenvironment processor 135.

An auxiliary processor 135 a can be included in the isolated environmentfor various reasons, including improving overall trusted device 130manufacturability. Existing cryptographic processors, especially thoseperforming time-sensitive tasks, often implement some functionality inhardware, for example, cryptographic processors implemented asApplication-Specific Integrated Circuits (ASICs). Implementation ofsystem functionality in an ASIC can reduce system costs, save space,allow management power consumption, save manufacturing cost, and resultin fewer discrete components (a factor in reliability andmaintainability). For example, the isolated environment 138 can includean auxiliary processor 135 a to perform streaming encryption for voiceand video, a real time task for high bandwidth data, in conjunction withthe memory 136 secure partition. Other reasons to include using anauxiliary processor 135 a to measure the operation/execution of the mainprocessor 135 in the isolated environment 138. In this way, theauxiliary processor is an attestation processor that states whether thesecure environment is operating as expected integrity measurements. Insome embodiments, an auxiliary processor 135 a includes one or moresecure interfaces separate from those controlled by the isolatedenvironment processor 135. As an example, consider an auxiliaryprocessor 135 a including a secure NFC interface for “proof of life” ordevice attestation. In such cases, the isolated environment can beconsidered extended to a trusted device at the other end of the NFCinterface.

In some embodiments of the trusted device 130, a secure interface 137can be used, in combination with the computer program product 139 andthe isolated environment 138, for provisioning the trusted computerdevice 130, for example, loading keys for cryptographic operations andperforming software upgrades. In some such embodiments, the secureinterface 137 can be implemented as a Joint Test Action Group (JTAG),I2C, SPI, or other similar interfaces.

In some embodiments of the trusted device 130, a secure interface 137can be used, in combination with the computer program product 139 andthe isolated environment 138, for implementing a challenge-responseprotocol. In a challenge-response protocol, a “challenge” is presentedthat requires a valid “response” in order to proceed with a givenactivity. For example, in a trusted device 130 having a first secureinterface 137 including an light emitting diode (LED) visible to a user,and a second secure interface 137 that responds to touch, programinstructions of the computer program product 139 can be executed toilluminate the LED, signaling to a user that the user must touch thesecond secure interface 137 in order to proceed with a given activity ofthe trusted device 130. In some embodiments, the second secure interface137 is a capacitive sensor that takes human body capacitance as input.In some embodiments, a resistive touch sensor or a piezoelectric touchsensor is used.

As another example use of a secure interface 137, consider the system ofFIG. 3. In addition to the trusted computing device 130 described abovein connection with FIG. 2, the system 300 of FIG. 3 includes at leastone secure interface 137 a and a user interface device 310. The userinterface device 310 is in data communication with the isolatedenvironment 138 via the secure interface 137 a. Data communicationbetween the user interface device 310 and the trusted device 130 canemploy any one or a combination of a variety of connections (preferablywireless), including an Infrared Data Association (IrDA) link, aBLUETOOTH® wireless technology standard link, and a Near FieldCommunication (NFC) link. The trusted device 130 issues a challenge,such as lighting an LED on the trusted device 130 or sending a messageto a display of user interface device 130. The user 101 responds to thechallenge using the user interface device 310. In some embodiments, theresponse is a fingerprint response input to the user interface device310. In some embodiments, the response is an answer to an authenticationquestion presented on a display of the user interface device 310. Insome embodiments, the user interface device 310 can be a mobilecommunication device such as a mobile phone. In some embodiments, theuser interface device 310 can be an NFC-enabled fob.

The trusted device 130 computer program product 139 includes anoperating system, the file system interface (which presents the firstfile system partition along with user mode interfaces to the host 110 atthe host interface 132 via the isolated environment processor 135), andvarious applications. In some embodiments, the trusted device 130operates in three (3) modes: provisioning, runtime (including a usermode in which requests are received via the file system interface, andresults are written to the file system interface), andverification/attestation. In some embodiments, the trusted device 130communicates through a secure interface (i.e. JTAG) 137 in theprovisioning mode. In such embodiments, runtime includes user modeinteractions where communications are with the untrusted host via thefile system interface. The verification/attestation mode includescommunication with the user via a secure interface 137 out-of-bandchannel such as NFC, irda, etc.

In some embodiments, the operating system (OS) is a 32-bit, preemptivelymultitasking, interrupt-driven operating system. Applications running onthis OS have access to cryptographic primitives as part of cryptographicservices that are part of the computer program product 139, as well asaccess to the non-volatile memory 136 secure partition for storingpersistent data as part of user mode services of the OS. Further, the OSprovides an API for accepting incoming session requests from a host, andfor then using and managing those sessions as part of user mode sessionservices.

In some embodiments, user mode applications running in OS areresource-constrained. Before launching an application, the OS designatesregions of memory 136 secure partition for the application's initialstack and heap, both of which can be constrained, for example to acombined 4-6 kilobytes. Applications can be compiled directly into theOS image in such embodiments, so care should be taken to avoid functionand type names which conflict with OS and the trusted computing device130 libraries.

In some embodiments, when the trusted computing device 130 is connectedto a host 110, it presents the host operating system with acorrectly-formatted and partitioned FAT file system with the followinglayout: a master boot record (MBR) with a partition table necessary foraddressing the a first file system partition and the (optional) memory136 non-secure second file system partition. The first file systempartition contains two files, called “read file” and “write file,” whichcan be read and written to (respectively) by the host 110, and are theonly means of host 110—trusted computing device 130 communication. The(optional) memory 136 non-secure second partition provides unprotectednon-volatile storage area that can be read or written to by the host 110operating system.

Note that the first file system partition is not limited to using onlytwo files. If additional communication channels are required for anapplication, the trusted computing device 130 can present additionalfiles in this partition, each subject to the administrative control ofthe trusted device 130. In some embodiments, all blocks in the firstfile system partition that are not used by the device-controlled readfiles(s) 134 and write file(s) 133 can be marked as “bad.” The trusteddevice 130 controls access to the files in the first file systempartition. By presenting a standard FAT file system, the trustedcomputing device 130 can communicate with a wide range of hosts 110,while requiring a minimum of assumptions on the capabilities of the host110. Note that in some embodiments, additional files can be used, forexample, one or more third files (for reporting errors or alerting thehost 110 to specific global states (i.e. NOT RUNNING)—but in each casethe interface between the untrusted host 110 and the isolatedenvironment 138.

Also note that the (optional) memory 136 non-secure second partitionbehaves like a mass storage device, for example, a flash memory device.The trusted computing device 130 passes these interactions in atransparent fashion to the untrusted host 110.

Applications running on the host 110 can access the trusted device 130first file system partition directly, but for convenience a host-sidePortable Operating System Interface (POSIX)-style API is provided insome embodiments. The POSIX-style API includes operations foropening/closing sessions, as well as sending/receiving data.

Modern operating systems have sophisticated file system features thatare, unsurprisingly, optimized for use with actual file systems. Oneexample of this is caching, which provides significant benefits foraccessing a file system, but which may impede information flow over thetrusted computing device 130 first file system interface. To circumventthis behavior in embodiments implementing a POSIX-style API,applications can use “posix_fadvise” to mark the file descriptors with“POSIX_FADV_DONTNEED;” in this way, data input/output to the trustedcomputing device 130 first file system partition will not be cached bythe host 110 operating system. Additionally, when writing to the trusteddevice 130, the host 110 can call flush data to the file, for example,using “fsync.”

The trusted device 130 first file system partition allows applicationsrunning on the host 110 to establish a session (a stateful,bi-directional communications channel) with applications running on thetrusted computing device. Sessions can follow a client/server model,with peripheral applications acting as the server. Session endpoints,whether clients running on the host 110 or servers running on thetrusted computing device 130, can be identified by a hash/end-pointnumber pairing. This pairing can be distilled into a 16-byte universallyunique identifier (UUID) value, which can be used within the sessionmanagement code (on both the host 110 and the trusted device 130) toidentify known endpoints.

In some embodiments, when a host 110 application wishes to communicatewith a trusted device 130 application, it can: 1) generate an ellipticcurve cryptography (ECC) key pair; 2) choose a random end-point numberfor itself; 3) allocate and initialize a session context structure; 4)register its key hash and end-point number with the session managementlibrary; and 5) send a connection request to the trusted device 130 viathe first file system partition. The trusted device 130 application isthen notified of the inbound connection request. The trusted device 130then accepts the request or rejects it. If the connection is accepted,the host 130 application may send and receive data via the session. Upontermination of the session, session tear-down procedures common insession-based communication are followed.

In addition to applications described elsewhere herein, embodiments ofthe trusted device 130 makes a variety of cryptographic primitivesavailable to both applications running on the trusted device 130 andapplications running on the host 110. The trusted computing device 130can provide many of the same application APIs to its isolatedenvironment 138 applications as it does host 110 applications, forexample, streaming encryption service, tamper proof logging, andone-time password type authentication algorithms and keys.

In some embodiments, for launching an application in the OS user mode, asystem developer is responsible for invoking the OS initializationroutine, adding any custom tasks and setting their parameters, andlaunching the OS. Each task can be configured to include its ownisolated heap by specifying a valid size. It may then interact with theheap using a standard d1 malloc API. Sessions are the main method ofcommunication in the OS. These can leverage the file system interface inorder to define a bi-directional message channel between the task and aremote endpoint. The API can be derivative of a UNIX socket API fordatagram socket families, and the semantics can be similar, for example,open/close/sendto/recvfrom. In order to efficiently use CPU cycles, somesystem interfaces can suspend a given task and allocate CPU time toother operations. In most cases this is done automatically, for example,when a session operation must wait on data. In addition a task can electto give up its CPU time by issuing a “yield” system call.

To facilitate communications across the file system interface,embodiments of the trusted device 130 provide a set of functions forserializing and de-serializing primitive data types. One purpose ofthese routines is to ease the process of marshaling data between thehost 110 and trusted device 130. The trusted device 130 providesserializing/de-serializing routines for various primitive types: theintegral types, strings, and universally unique identifiers (UUIDs). Forricher data structures, some embodiments of the trusted computing deviceprovide a code generation utility, which consumes a header file (forexample a C-like header file) and produces source code and headers forthe serialization/de-serialization on these structures. In addition, theserialization/de-serialization utility generatesallocators/de-allocators, deep copy operators, comparison operators,setters and getters, and array resize operations. Structures may benested and may contain arrays whose lengths are determined at run-time.

Cryptographic primitives in certain embodiments of the trusted device130 are provided both to applications running in the isolatedenvironment 138 and to those running on the host 110, via a common API.These primitives include at least one of: Advanced Encryption Standard(AES) encryption, including electronic codebook (ECB) mode, Galoiscounter mode (GCM), and Xor-Encrypt-Xor (XEX) based tweaked-cookbookmode with cipher text stealing (XTS) mode; Elliptic curve cryptography(ECC), including Elliptic Curve Diffie-Hellman (ECDH) and Elliptic CurveDigital Signature Algorithm (ECDSA), performed over a modern,peer-reviewed curve (E-521) using high-efficiency algorithms; the SecureHash Algorithm (SHA)-256 hash function; and a key derivation routine forboth AES and ECC, based on SHA-256 with a design modeled after scrypt;and a National Institutes of Standards and Technology (NIST) compliantAES-based pseudo-random number generator.

In certain embodiments, trusted device 130 applications make use ofthese primitives both for communicating over the file system interface,as well as in performing their intended services. Host 110 applicationsuse these primitives primarily to communicate with the trusted device130. The supported cryptographic primitives were chosen carefully fortheir modernity and trustworthiness. AES in GCM mode is recommended bythe National Security Agency (NSA) Suite B cipher suite, as are ECDH,ECDSA, and SHA-256. For the ECC algorithms, curve E-521 was chosen asthe highest-security of the peer-reviewed curves in common use, forwhich efficient, branch-free algorithms are known to exist.

It will be appreciated that the network connections shown in FIG. 1 areexemplary and that other means of establishing a communications linkbetween the computers and devices can be used. Moreover, those havingordinary skill in the art having the benefit of the present disclosurewill appreciate that the host computing device 110, and the second-partycomputing system 120, illustrated in FIG. 1 can have any of severalother suitable computer system configurations. For example, a hostcomputing device 110 embodied as a mobile phone or handheld computer mayor may not include all the components described herein.

In certain example embodiments, the network computing devices and anyother computing machines associated with the technology presented hereinmay be any type of computing machine such as, but not limited to, thosediscussed in more detail with respect to FIG. 12. Furthermore, anymodules associated with any of these computing machines, such as modulesdescribed herein or any other modules (scripts, web content, software,firmware, or hardware) associated with the technology presented hereinmay by any of the modules discussed in more detail with respect to FIG.12. The computing machines discussed herein may communicate with oneanother as well as other computer machines or communication systems overone or more networks, such as network 105. The network 105 may includeany type of data or communications network, including any of the networktechnology discussed with respect to FIG. 12.

Example Processes

The components of the example operating environment 100 are describedhereinafter with reference to the example methods and diagramsillustrated in FIGS. 2-11. The example methods of FIGS. 2-11 may also beperformed with other systems and in other environments.

FIG. 4 is a block flow diagram depicting a method for secure hostinteraction via an isolated environment 138, in accordance with certainexample embodiments.

With reference to FIGS. 1-3, in block 405 of FIG. 4, the trusted device130 receives restricted information. That is, a trusted source, such asa second-party system 130, provisions the trusted device 130 to includeinformation that is inaccessible to an unauthorized user. The trusteddevice 130 then receives the information. For example, a user 101connects the trusted device 130 to a trusted source, such as asecond-party computing system 120, so that the trusted source cansecurely communicate restricted information to the isolated environment138 of the trusted device 130 via the secure interface 137 of thetrusted device 130. The communication occurs via the secure interface137, so that the untrusted host device 110—which may or may not also beconnected to the trusted device 130—does not have direct access to therestricted information. For example, the second-party computing system120 may connect to the trusted device 130 via the trusted deviceinterface 123 of the second-party computing system 120. The second-partysystem 120 then transmits restricted information to the trusted device130 via the trusted device interface 123 and the secure interface 137,the secure interface 137 being isolated from the host interface 132. Theisolated environment 138, such as an isolated environment processor 135of the isolated environment 138, then receives the restrictedinformation. The isolated environment processor 135 of the isolatedenvironment 138 thereafter regulates access to the restrictedinformation as described herein.

In certain example embodiments, the trusted computer device 130 receivesthe restricted information during the manufacture of the device, inwhich case provisioning via the secure interface 137 may not benecessary. Rather, the restricted information can be included directlyin the secure storage 136 of the manufactured device and/or provided viathe secure interface 137 during the manufacture of the trusted device130. The isolated environment processor 135 can then retrieve and usethe restricted information, as described herein.

As used herein, the “restricted information” includes any type ofconfidential or private information that is not publically available,such as private user information and/or cryptographic information. Forexample, the restricted information may include any type of personalinformation or personally identifiable information (“PII”) of a user101, such as the user's social security number, tax identificationnumber, or other personal identification number of the user 101.

In certain example embodiments, the restricted information may includefinancial account information of the user 101, such as a financialaccount number, a credit card account number, a debit card accountnumber, a personal identification number (“PIN”) for a financialaccount, or other financial account number. Additionally oralternatively, the restricted information may include any other digitalitems or objects that a user 101 does not want to become publicallyavailable, such as personal photographs, documents, spreadsheets, orother objects associated with or belonging to the user 101. Additionallyor alternatively, the restricted information may include event logentries; such as system log entries for the host device 110, which thetrusted computing device has stored in the secure storage 136 of theisolated environment 138.

In certain example embodiments, the restricted information mayadditionally or alternatively include cryptographic data. For example,the processor of the trusted device 130 can use the cryptographic datato encrypt/decrypt information, such as information contained in oraland/or written communications. As one skilled in the art willappreciate, a variety of conventional cryptographic methods arecompatible with the methods and systems described herein. For example,when provisioning the trusted device 130 as described herein to includea user's private financial account information, the user's financialinstitution may provide cryptographic data to the trusted device 130 viathe secure interface 137. The cryptographic data, for example, allowsthe trusted device 130 to provide encrypted communications to thefinancial institution via the untrusted host device 110, as describedherein.

In certain example embodiments, the restricted information may includeinformation that the trusted device 130 establishes based on informationreceived from the host device 110. For example, in certain embodiments,such as when the trusted device 130 manages and maintains system logevent entries of the host device 110 as described herein, the trusteddevice 130 establishes event log entries based on information receivedfrom the host device 110. The trusted device 130 then maintains theevent log entries as restricted information in the isolated environment138 as described herein.

In block 410, the trusted device 130 stores the restricted informationin a secure storage 136 of trusted device 130. For example, afterreceiving the restricted information via the secure interface 137 of thetrusted device 130, the isolated environment processor 135 of theisolated environment 138 records the restricted information in thesecure storage 136, so that the isolated environment processor 135 canlater access the restricted information from the secure storage 136. Asdescribed herein, however, the secure storage 136 of the trusted device130 is not directly accessible to the untrusted host device 110. Hence,the untrusted host device 110 cannot directly access the restrictedinformation stored in the secure storage 136 of the isolated environment138. Instead, the host device 110 accesses the isolated environment ofthe host interface 132 as described herein.

In block 415, the trusted device 130 receives a write-file entry fromthe untrusted host device 110 via a host interface 132 of the trusteddevice 130. That is, once the trusted device 130 is connected to anuntrusted host device 110 as described herein, the untrusted host device110 transfers data, in the form of a write-file entry, to the write file133 associated with the host interface 132 of the trusted device 130.For example, the host device 110 transfers the data via the auxiliaryinterface 113 of the host device 110. The write file 133 associated withthe host interface 132 of the trusted device 130 then receives thewrite-file entry.

By transferring the write-file entry to the trusted device 130, a user101 can utilize the untrusted host device 110—along with the trusteddevice 130—to complete tasks on behalf of the user 101, without exposingthe restricted information to the host device 110. For example, a user101 may provide a command or input to the untrusted host device 110 thatrequires access to the restricted information, such as access to theuser's financial account information stored in the secure storage 136.In response to the command or input, for example, the untrusted hostdevice 110 transmits the write-file entry to the write file 133 of thetrusted device 130. The write file 133 of the trusted device 130 thenreceives the write-file entry via the secure interface 132.

In certain example embodiments, the write-file entry may include anycontent related to the restricted information stored in the securestorage 136 of the trusted device 130. For example, the write-file entrymay include an executable command or request regarding the financialaccount information of the user 101 that is stored in the secure storage136, such as a request to transfer or withdrawal money from a userfinancial account. Additionally or alternatively, the write-file entrymay include an executable command or request relating to the user'ssocial security card number, tax identification number, or otherpersonal identification number of the user 101. Additionally oralternatively, the write-file entry may include an executable command orrequest relating to digital items or objects that the user 101 does notwant to become publically available, such as personal photographs,documents, spreadsheets, or other objects associated with or belongingto the user 101. In certain example embodiments, the write-file entrymay include event log entry information that, as described herein, thetrusted device 130 establishes as restricted information.

Further, because the write-file entry can include any content related tothe restricted information, the write-file entry also provides anindication of the type of information, such as restricted informationstored in the secure storage 136, that may be responsive to thewrite-file entry. For example, if the write-file entry includes anexecutable command or request to process a money transfer or moneywithdrawal for the user 101, the content of the write-file entry—thatis, the money transfer or withdrawal request provides an indication thatinformation responsive to the write-file entry includes the financialaccount information of the user 101. Such responsive financial accountinformation may include, for example, the user's financial accountnumber and any PIN associated with the financial account number. Incertain example embodiments, the indication may be a specificindication. For example, the write-file entry may include a request totransfer money from a specific financial of the user 101, such as asavings account of a user 101, to another account of the user 101, suchas a checking account of the user 101.

In block 420, the trusted device 130 processes the received write-fileentry to generate an output, such as a secure output. That is, in theisolated environment 138, the trusted device 130 reads the write-fileentry to identify what, if any, restricted information may be responsiveto the write-file entry. The trusted device 130 then determines anoutput based on the identified restricted information that is responsiveto the write-file entry. The trusted device 130 then optionally securesthe output; such as by encrypted the output, to generate a secureoutput. The details of block 420 are described in further detail belowwith reference to FIG. 5.

FIG. 5 is a block flow diagram depicting a method 420 for processing awrite-file entry from an untrusted host device 110, in accordance withcertain example embodiments and as referenced in block 420 of FIG. 4.

With reference to FIG. 5, in block 505 of method 420, the trusted device130 determines, from the write-file entry, an indication of informationthat is responsive to the write-file entry. That is, after receiving thewrite-file entry into the write file 133 of the trusted device 130, theisolated environment processor 135 of the trusted device 130 retrievesthe write-file entry from the write file 134. The isolated environmentprocessor 135, for example, then reads the content of the write-fileentry. By reading the content of the write-file entry, the isolatedenvironment processor 135, for example, determines what (if any)restricted information may be responsive to the write-file entry. Forexample, if the write-file entry includes a request for a money transferor withdrawal involving a financial account of the user 101, theisolated environment processor 135 determines that the write-file entryincludes an indication that the user's financial account information isresponsive to the write-file entry.

In certain example embodiments, the indication may be a specificindication, such as a request to transfer money between specificfinancial accounts of the user 101. For example, the write-file entrymay include a request to transfer or withdraw money from a specificfinancial of the user 101, such as a savings account of a user 101.Hence, the isolated environment processor 135 may determine that thewrite-file entry includes an indication that the user's savings accountinformation is responsive to the write-file entry. In other exampleembodiments, the write-file entry may be a request to process a paymentwith the user's financial information. For example, a host application112, such as a digital wallet application, may provide a write-fileentry seeking the user's financial information to complete a paymentwith the digital wallet application. The trusted device 130 thusdetermines that the write-file entry provides an indication that theuser's financial information, such as a financial account number, isneeded to process the digital wallet payment request.

In block 510, the trusted device 130 identifies restricted informationresponsive to the write-file entry. That is, based on the indication ofinformation responsive to the write-file entry, the trusted device 130reads the contents of the secure storage 136 for any restrictedinformation relevant to the write-file entry. For example, if theisolated environment processor 135 determines that the write-file entryincludes an indication that the user's financial account information isresponsive to the write-file entry, the isolated environment processor135 reads the contents secure storage 136 to identify the user'sfinancial account information.

As described herein, the secure storage 136 may include a variety ofrestricted information. Hence, in certain example embodiments, theisolated environment processor 135 may identify only that portion of therestricted in formation that is responsive to the write-file entry. Forexample, if the determined indication relates only to the user's savingsaccount number—and not a checking account number of the user 101—theisolated environment processor 135 may only identify the user's savingsaccount number as the portion of restricted information that isresponsive to the write-file entry.

In block 515, the trusted device 130 generates an output based on theidentified restricted information that is responsive to the write-fileentry. That is, the isolated environment processor 135 of the trusteddevice 130 applies the identified restricted information to anyexecutable command or request included in the write-file entry, so as tocarry out any instruction pertaining to the write-file entry. Theisolated processor 135 then creates an output that is responsive to thewrite-file entry.

In certain example embodiments, such as when the write-file entryprovides an indication that the user's financial account information isresponsive to the write-file entry, the output may relate to a financialtransaction involving an account of the user 101. For example, if thewrite-file entry involves a request for a money transfer or withdrawalfrom a user financial account, the trusted device 130 may generate anoutput that can be used to initiate and approve the financialtransaction. That is, the isolated environment processor 135 may, basedon the user's identified account information in the secure storage 136,generate a communication that the untrusted host device 110 can send tothe user's bank or other financial institution. The communication mayinclude, for example, the specific account information of the user 101,the user's name, PIN, and/or the amount to be transferred or withdrawn.Including the user's PIN, for example, may constitute approval for thetransfer or withdrawal. In the case of a money transfer or withdrawal,the communication may include information about the account to which themoney is to be transferred or withdrawn, such as another account of theuser (or an account belonging to a different user). For example, if theuser 101 is transferring money from the user's savings account to theuser's checking account, the communication may include both the user'ssavings account number and the user's checking account number.

In block 520, the trusted device 130 optionally secures the output togenerate a secure output. That is, in certain example embodiments, theisolated environment processor 135 optionally modifies or changes theoutput so that the output will not disclose the contents of therestricted information to any unauthorized user. For example, theisolated environment processor 135 may encrypt the output, such as byretrieving and applying any cryptographic data previously stored in thesecure storage 136 of the trusted device 130. Encrypting the output, forexample, thus provides a secure output. If the output relates to afinancial transaction involving a savings account of the user 101, forexample, the output may include the user's savings account number. Theisolated environment processor 135 thus encrypts the user's savingsaccount number, along with any other restricted information, so that therestricted information of the user 101 will not be understandable to anunauthorized user that may have or gain access to the host device 110(and hence the contents of the host device 110).

In certain example embodiments, the encryption may be based on a hashvalue of the user's restricted information. For example, the encryptionmay be based on a hash value of the user's financial account informationand information identifying the user, such as a financial account numberof the user and the user's identifying information. As those skilled inthe art will appreciate, a number of hashing methods are available toencrypt the restricted information.

Returning to FIG. 4, in block 425 of FIG. 4, the trusted device 130transmits the output, such as an output the trusted computing device 130has secured, to the read file 134 of the trusted device 130. Forexample, when the isolated environment processor 135 encrypts an outputthat is responsive to the write-file entry—thus generating a secureoutput—the isolated environment processor 135 communicates the secureoutput to the read file 134 of the trusted device 130. The read file 134receives the secure output, thus making the secure output available andaccessible to the untrusted host device 110. In certain exampleembodiments, such as discussed below with reference to FIG. 6, thetrusted device 130 optionally receives a secure authorization from theuser 101 before processing the write-file entry to generate an outputand/or before transmitting the secure output to the read file 134.

In block 430, the untrusted host device 110 receives the output, such asthe secure output, and completes any host-side processing of the secureoutput. That is, the untrusted host device 110 accesses the read file134 via the auxiliary interface 113 of the host device 110 and the hostinterface 132 of the trusted device 130. The untrusted host device 110then reads the output, such as the secure output. By reading the output,for example, the untrusted host device 110 determines the content of theoutput. For example, by reading the content of the output, the untrustedhost device 110 may determine that the output is a secure output thatrelates to a previously sent write-file entry requesting a moneytransfer or withdrawal. Based on the content of the secure output, theuntrusted host device 110 can processes the secure output by taking anyfurther computing action needed to utilize the secure output. Forexample, if the secure output in the read file 134 is a response to awrite-file entry involving a money transfer or withdrawal request—andthe secure output includes an encrypted approval for the transfer—theuntrusted host device 110 can include the secure output into atransmission to the intended financial institution recipient via thenetwork 105. In other words, the additional processing includestransmitting the secure output to the financial institution of the user101.

In a financial transaction involving the user's restricted information,for example, such as a money transfer or withdrawal described herein,the actual restricted information of the user—such as the user'sfinancial account information—is never made publically available to theuntrusted host device in an non-secure form. Rather, only an encrypted,secure output, for example, may be made available to the untrusted hostdevice 110 for transmission over the network 105 to the user's financialinstitution. Once the user's financial institution receives the secureoutput for example, the financial institution can use the cryptographicdata corresponding to the cryptographic data used to provision thetrusted device 130 to decrypt the secure output. The financialinstitution can then take any action associated with the secure output,such as completing a money transfer or withdrawal for the user 101.

In certain example embodiments, if the output is a secure approval for apayment—such as a payment via a digital wallet application the digitalwallet application may use the secure output to complete the payment onbehalf of the user 101. For example, the digital wallet application ofmay wirelessly transmit the secure output to a credit card terminal of amerchant (not shown). The merchant terminal receives the secure output,for example, and then transmits the secure output to the correctacquiring bank/issuer, such as along traditional credit card rails.Additionally or alternatively, the merchant may transmit the secureoutput authorizing the payment via the network. The acquiringbank/issuer, for example, then receives and decrypts the secure outputto complete the payment transaction.

FIG. 6 is a block flow diagram depicting a method 600 for authorizingtransmission of the output to the read file 134, in accordance withcertain example embodiments.

With reference to FIG. 6, in block 605 of method 600, the trusted device130 is optionally configured to require user authorization of theoutput, such as authorization of the secure output. That is, in certainexample embodiments, an authorized user 101 and/or a manufacturer of thetrusted device 130 may optionally require the device to provide arequest seeking authorization to process the write-file entry ortransmit the secure output to the read file 134. For example, a user 101may access the trusted device 130 via the secure interface 137 and inputor select a control option requiring user authorization. Based on theinput or selection of the user 101, the trusted device 130 maythereafter require a “proof of life” and/or identity confirmation—suchas a challenge-response authentication procedure—before processing thewrite-file entry or transmitting the output to the read file 134, asdescribed herein. Additionally or alternatively, the manufacture of thetrusted device 130 may program the device, such as during themanufacturing process, to require the “proof of life” and/or identityconfirmation before processing the write-file entry or transmitting theoutput to the read file 134.

In block 610, if the trusted device 130 is configured to require a“proof of life” and/or identity confirmation before processing thewrite-file entry or transmitting the output to the read file 134, thetrusted device 130 transmits a request for the user 101 to provide auser input authorizing the output, such as the secure output. That is,the trusted device 130 provides a signal or other communication to theuser 101 to authorize processing of the write-file entry to generate asecure output and/or transmission of the secure output to the read file134. The signal can be any type of signal to the user, with the signaloriginating with the trusted device 130. For example, the signal may bea blinking light on the body of the trusted device 130 and/or an audiblenotification originating from a speaker associated with the trusteddevice 130.

In block 615, the trusted device 130 determines whether a user input hasbeen received via the secure interface 137. For example, if the signalto provide a user input is a blinking light and/or audible notification,then the user 101 receives the signal and if appropriate—provides aninput into the trusted device 130 via the secure interface 137. Based onthe received user input from the user 101, the trusted device 130determines that a user input has been received into the secure interface137 of the trusted device 130. If the user 101 does not provide a userinput, the trusted device 130 determines that no user input has beenreceived.

In certain example embodiments, the user input may be a direct inputinto the secure interface 137. For example, the user may touch a sensorassociated with the secure interface 137 of the trusted device 130,thereby providing a user input into the sensor (and hence the trusteddevice 130). In certain embodiments where identity confirmation isdesired, for example, the user 101 may also enter a user-specificsecurity code directly into a user interface of the secure interface 137of the trusted device 130. For example, the user may enter a PersonalIdentification Number (“PIN”) that is unique to the user 101 into apush-button user interface of the secure interface 137.

In certain example embodiments, the user input may be via a wirelessinput. For example, the user 101 may have a wireless key fob capable ofconnecting to the trusted device 130 via the secure interface 137. Thekey fob, for example, may rely on Bluetooth and/or Near FieldCommunication (“NFC”) technology to transmit a user input to the trusteddevice 130 via the secure interface 137. In certain example embodiments,the wireless user input may include a security code that the fobtransmits to the trusted device 130 via the secure interface. As thoseskilled in the art will appreciate, the wireless input may be anencrypted signal. In such embodiments, the trusted device 130, forexample, may be provisioned to include cryptography data capable ofdecrypting the wireless input.

In certain example embodiments, a user 101 and/or trusted devicemanufacturer may configure a specific response period to receive theuser input. For example, a user 101 and/or trusted device manufacturermay set a period of about 5 to 10 seconds for the user 101 to respondwith an input, such a 5, 6, 7, 8, 9, or 10 seconds. In certain exampleembodiments, the period may be longer, such as about 60 seconds. If theuser 101 does not respond with a user input within the configuredresponse period, for example, the trusted device 130 determines that noinput has been received. Conversely, if the user 101 does provide a userinput within the configured response period, the trusted device 130determines that a user input has been received.

In block 620, if the trusted device 130 determines that a user input hasbeen received via the secure interface 137, the method follows the “YES”branch of block 620 to block 630 of FIG. 6, in accordance with certainexample embodiments. If the trusted device 130 determines that a userinput has not been received via the secure interface 137, the methodfollows the “NO” branch of block 620 to block 625 of FIG. 6, inaccordance with certain example embodiments.

In block 625, if the trusted device 130 determines a user 101 has notprovided a user input, the trusted device 130 does not generate anoutput to the read file 134. For example, the isolated environmentprocessor 135 of the trusted device 130 may not process a write-fileentry to generate an output as described herein, or the isolatedenvironment processor 135 may cease any existing processing thewrite-file entry (if the isolated environment processor 135 has alreadybegun processing the write-file entry). Additionally or alternatively,if the isolated processor has already processed the write-file entry togenerate an output as described herein, the isolated environmentprocessor 135 may not transfer the output to the read file 134. Hence,regardless of where in the process of generating an output ortransferring the output to the read file 134, ceasing the method inresponse to the lack of a user input into the secure interface137—prevents an output from being transmitted to the read file 134. Assuch, the untrusted host device 110 is not able to receive an output,such as a secured output, as described herein.

In block 630, if the trusted device 130 determines that a user hasprovided a user input, the trusted device 130 transmits the output tothe read file 134 as described in block 425 of FIG. 4. That is, afterthe isolated environment processor 135 completes any processing neededto generate the output, such as described in blocks 505 to 520 of FIG.5, the 136 communicates the output to the read file 134 of the trusteddevice 130. In certain example embodiments, the trusted device 130 alsosecures the output as described herein, such as by encrypting the outputto create a secure output. The read file 134 receives the secure output,thus making the secure output available and accessible to the untrustedhost device 110, as described herein.

By configuring the trusted device 130 to require a “proof of life”and/or identity confirmation, a user 101 and/or trusted device 130manufacturer can enhance security associated with the trusted device130. For example, if the trusted device 130 is configured to require auser 101 to touch the body of the device 130 before the device 130transmits a secure output to the read file 134 as described herein, thena user 101 must be in actual proximity to the trusted device 130. Anunauthorized user 101, for example, thus cannot remotely instruct thetrusted device 130 to proceed with transmission of the secure output tothe read file 134.

In certain example embodiments, such as when the trusted device 130 isconfigured to require a user 101 to enter a security code directly intothe device 130, the entry of the security code both verifies that a user101 is present and further confirms the identity of the user 101. Inother words, the fact that the user 101 knows the correct security codeand correctly enters the security code as the user input into thetrusted device 130—further confirms that the user 101 is present and isalso an authorized user 101. An unauthorized user, for example, wouldpresumably not possess the security code, and thus not be able toprovide the security code to the trusted device 130.

FIG. 7 is a block diagram depicting a system 700 for securecommunications between two or more host computing devices, in accordancewith certain example embodiments.

With reference to FIG. 7, provided is a first host device 110 a that isassociated with a first trusted device 130 a, the first trusted device130 b being configured as described herein. For example, among the othercomponents described herein, the first trusted device 130 a includes ahost interface 132 a for connecting to the first host device 110 a and afirst secure interface 137 a, such as for receiving and transmittingrestricted information, such as confidential communications. Likewise,FIG. 7 shows second host device 110 b that is associated with a secondtrusted device 130 b, the second trusted device 130 b being configuredas described herein. For example, among the other components describedherein, the second trusted device 130 b includes a second host interface132 b for connecting to the second host device 110 b and a second secureinterface 137 b, such as for receiving and transmitting restrictedinformation, such as confidential communications. Also shown is anetwork 105, which the first host device 110 a and the second hostdevice 110 b can employ for network-based communications. By configuringa system such as shown in FIG. 7 and in accordance with the embodimentsprovided herein, two users, such as a first user 101 a and a second user101 b can exchange secure communications. Such methods, for example, aredescribed in detail below with reference to FIG. 8.

FIG. 8 is a block flow diagram depicting a method 800 for securecommunication between untrusted host devices 110, in accordance withcertain example embodiments.

With reference to FIGS. 1-3 and FIG. 7, in block 805 of FIG. 8 of method800, two or more trusted devices 130 receive restricted information andstore the restricted information in secure storage 136, such as perblocks 405 to 415 of FIG. 4. That is, each of two or more trusteddevices 130 is securely provisioned to include restricted informationthat is inaccessible to an unauthorized user. The trusted device 130then store the restricted information, such as cryptographic data usedto generate and decipher encrypted communications, a secure storage 136of each of the trusted devices 130.

In certain example embodiments, two users, such as user 101 a and user101 b, may “pair” two or more trusted devices 130 together so that thetwo trusted devices 130 exchange restricted information. For example,each of two trusted devices 130 a and 130 b may be removably attached toor integrated with two separate headsets designed to facilitate usercommunications. By bringing the headsets into proximity to each other,the users 101 a and 101 b can allow the trusted devices 130 a and 130 bof the headsets to exchange restricted information via the secureinterface 137, such as cryptographic data. For example, the two trusteddevices 130 a and 130 b of each headset may exchange cryptographic keysvia a Bluetooth connection and/or Near Field Communication (“NFC”)connection. Each trusted device 130 a and 130 b then stores thecorresponding cryptographic data in the secure storage 136 of eachtrusted device 130 a and 130 b, so that the cryptographic data is notdirectly accessible to any untrusted host device, such as host devices130 a and 130 b, that may connect to the headsets.

Additionally or alternatively, and in certain example embodiments themanufacturer of the trusted devices 130 a and 130 b may provisiontrusted devices 130 a and 130 b to include corresponding cryptographicdata during the manufacturing process, such as with or without the useof the secure interface 137 a and 137 b, as described herein. In certainexample embodiments, the cryptographic data may contain otherinformation, such as the digital address of the location to whichencrypted communications are to be sent. Such digital address data maybe stored in the secure storage 136, for example, along with thecryptographic data.

In block 810, a first trusted device 130 a receives a user communicationfrom a first user 101 a via secure interface 137 a of the first trusteddevice 130 a. That is, a first user 101 a transmits a communication tothe first trusted device 130 a via the secure interface 137, and theisolated environment 138 receives the transmission, such as via theisolated environment processor 135. For example, after the first trusteddevice 130 a and a second trusted device 130 b are paired to possesscorresponding cryptographic data, a first user 101 a may speak into aheadset microphone, the microphone being integrated into or associatedwith one of the paired headsets and connected to the secure interface137 a of the first trusted device 130 a. Because the microphone isconnected to the first trusted device 130 a via the secure interface 137a, the connection is a secure connection that does not expose the firstuser's audible communication to any untrusted host device 110 a that isassociated with the headset.

In block 815, the first trusted device 130 a encrypts the communicationof the first user 101. For example, after the first trusted device 130 areceives the communication from the first user 101 a, the isolatedenvironment processor 135 of the first trusted device 130 a retrievesthe previously retrieved cryptographic data from the secure storage 136.The isolated environment processor 135 of the first trusted device 130 athen applies the retrieved cryptographic data to the communicationreceived from the first user 101 a, thus encrypting the communication togenerate a secure output.

Because the encryption of the communication from the first user 101 aoccurs in an isolated environment 138 of the first trusted device 130 a,the unencrypted communication remains inaccessible to any untrusted hostdevice 110 a that is associated with a headset containing the firsttrusted device 130 a. In certain example embodiments, the first trusteddevice 130 may associate digital address information, such asunencrypted digital address information, with the encryptedcommunication. As described herein, the isolated processor 135 of thefirst trusted device 130 a may use any unencrypted digital addressinformation, for example, to communicate the encrypted communication tothe correct recipient (such as the second user 101 b).

In block 820, the first trusted device 130 a transmits the encryptedcommunication data to the read file 134 of first trusted device 130 a.For example, once the isolated processor 135 of the first trusted device130 a encrypts the communication to generate a secure output asdescribed herein, the isolated environment processor 135 of the firsttrusted device 130 a communicates the encrypted communication—as thesecure output—to the read file 134 of the first trusted device 130 a.The read file 134 of the first trusted device 130 a receives theencrypted communication, thus making the encrypted communicationavailable to an untrusted host device 110.

In certain example embodiments, such as discussed herein with referenceto FIG. 6, the first trusted device 130 may optionally require a secureauthorization from the first user 101 a before transmitting theencrypted communication (that is, the secure output in this exampleembodiment) to the read file 134. For example, the first user 101 a may,in response to a request from the first trusted device 130 a, enter asecurity code into trusted device 130 a before any communications can beencrypted and/or transmitted to the write file. As described withreference to FIG. 6, in such example embodiments receipt of the userinput is required before the isolated environment processor 135 of thetrusted device 130 transmits the output, such as the secure output, tothe read file 134 where the host device 110 can receive the output.

In block 825, the second trusted device 130 b receives encryptedcommunication. For example, the first untrusted host device 110 a thatis associated with the first trusted device 130 a receives the encryptedcommunication from the read file 134 of the first trusted device 130 a,along with any unencrypted data such digital address data indicatingwhere the encrypted communication should be sent. The first untrustedhost device 110 then transmits the encrypted communication to a seconduntrusted host device 110 b, the second untrusted host device 110 b, forexample, being associated with a second trusted device 130 b. The secondtrusted device 130 b, for example, may be part of a headset that waspreviously paired with the headset containing the first trusted device130 a. Hence, the first and second trusted devices (130 a and 130 b ofFIG. 7) share corresponding cryptographic data, as described herein. Thedetails of block 825 are described in further detail below withreference to FIG. 9.

FIG. 9 is a block flow diagram depicting a method 825 for receiving anencrypted communication via a second trusted device 130 b, in accordancewith certain example embodiments.

With reference to FIGS. 1-3 and FIG. 7, in block 905 of method 825, thefirst untrusted host device 110 a receives the encrypted communicationfrom read file 134 of the first trusted device 130 a. That is, the firstuntrusted host device 110 a accesses the read file 134 via this hostinterface 132 a trusted device 130 a. The first untrusted host device110 a then reads the contents of the read file 134 of the first trusteddevice 130 a, such as to determine that the read file 134 includes anencrypted communication as the output. By reading and determining thecontents of the read file 134 of the trusted device 130 a, the firstuntrusted host device 110 a receives the encrypted communication.

In certain example embodiments, the first untrusted host device 110 amay also read data associated with the encrypted communication, such asdata pertaining to the digital address of the location to where theencrypted communication is to be sent. The first untrusted host device110 a can then use the address information to transmit the encrypted tothe second untrusted host device 110 b. In other words, the first hostdevice 110 a may perform additional processing relating to the firstcommunication, such a determining where to transmit the firstcommunication.

In certain example embodiments, the first untrusted host device 110 amay be a mobile phone or other mobile device of the first user 101 a.The mobile phone, for example, may be connected to a wireless headset,the headset including an integrated or removably attached first trusteddevice 130 a, as described herein. The first untrusted device 110 a,such as the user's mobile phone, can then receive the encryptedcommunication as described herein via the wireless connection with theheadset, such as a Bluetooth and/or Near Filed Communication (“NFC”)connection. Additionally or alternatively, the connection between thefirst untrusted host device 110 a and a first trusted device 130 a thatis integrated into or removably attached to a headset may be a wiredconnection or other direct connection.

In block 910, the first untrusted host device 110 a communicates theencrypted communication to the second untrusted host device 110 b. Thatis, the first untrusted host device 110 a transmits the encryptedcommunication to the second untrusted host device 110 b, such as via thenetwork 105, so that the second untrusted host device 110 b receives theencrypted communication. For example, the first untrusted host device110 may rely on any digital address information associated withencrypted communication to identify the location of the second untrustedhost device 110 b. The first untrusted host device 110 a then transmitsthe encrypted communication to the digital address associated with theencrypted communication via the network, and the second untrusted hostdevice 110 b receives the encrypted communication.

In certain example embodiments, such as when the encrypted communicationis not associated with a digital address for the recipient of theencrypted communication, the first user 101 a may select a digitaladdress for transmitting the communication, such as from the user'scontacts. For example, the first user 101 a may select a second user 101b as a recipient for the encrypted communication from a contactsapplication on the host device 110 a of the first user 101 a. Based onthe selection of the first user 101 a, in such embodiments, the firstuntrusted host device 110 a transmits the encrypted communication to thedigital address of the selected second user 101 b. The second untrustedhost device 110 b, such as the second user's mobile phone, then receivesencrypted communication.

In block 915, after receiving the encrypted communication from the firstuntrusted host device 110 a, the second untrusted host device 110 btransmits the encrypted communication to a write file 133 of a secondtrusted device 130. That is, the second untrusted host device 110transfers the received encrypted communication from the second untrustedhost device 110 to the write file 133 of the second trusted host device130 b associated with the second untrusted host device 110 b. Forexample, the second untrusted device 110 b may be connected wirelesslyor via a wire, as described herein, to a headset containing the secondtrusted device 130 b. To transmit the encrypted communication to thesecond trusted device 130 b, for example, the second untrusted hostdevice 110 b transfers the encrypted communication over the wired orwireless connection, such as through a host interface 132 b of thesecond trusted device 130 b, to the write file 133 of the second trusteddevice 130 b.

In certain example embodiments, the second untrusted device 110 b may bea mobile phone or other mobile device of the second user 101 b. Forexample, the mobile phone of the second user 101 b receives theencrypted communication from the mobile device of the first user 101 a,such as via the network 105. The second user's mobile phone receives theencrypted communication, and then transmits the encrypted communicationto a headset of the second user 101 b, such as via a Bluetooth and/orNear Field Communication (“NFC”) connection between the headset and themobile phone of the second user 101 b. A second trusted device 130 bthat is integrated with (or removably attached to) the headset of thesecond user 101 b receives the encrypted communication into the writefile 133 of the second trusted device 130 b as a write-file entry.

Returning to FIG. 8, in block 830 of FIG. 8, the second trusted device130 b processes the received encrypted communication. That is, theisolated environment processor 135 of the second trusted device 130 bretrieves the secure communication from the write file 133 of the secondtrusted device 130 b. The isolated environment processor 135 thendecrypts the encrypted communication based on the previously receivedcryptography data, such as the cryptography data received during apairing of the first trusted device 130 a and the second trusted device130 b.

In certain example embodiments, the processing for block 830 of FIG. 8follows the method described in blocks 505 to 510 of FIG. 5. Forexample, the isolated environment processor 135 of the second trusteddevice 130 b reads the write-file entry to identify the entry as anencrypted communication. The isolated environment processor 135 thendetermines that the stored cryptography data is responsive to thewrite-file entry, inasmuch as the isolated processor 105 of the secondtrusted device 130 b can use the cryptography data to decrypt theencrypted communication. By retrieving and applying the cryptographydata, for example, the isolated environment processor 135 of the secondtrusted computing device 130 b generates a decrypted communication fromthe first communication of the first user 101 a.

In block 835, the second trusted device 130 b transmits the decryptedcommunication to the second user 101 b via a secure interface 137 b ofthe second trusted device 130 b. For example, after the isolatedenvironment processor 135 generates a decrypted communication, theisolated environment processor 135 of the second trusted device 130 bmay transfer the decrypted communication to a speaker that is connectedto the secure interface 137 of the second trusted device 130 b. Thespeaker, for example, may be located in an earpiece of the headset ofthe second user 101, such that any output of the speaker is directlyinto the ear of the second user 101. Using the secure interface 137, forexample, the isolated environment processor 135 transmits the decryptedcommunication to the second user 101 by directing the speaker to providean audible output of the decrypted communication. The second user 101can then receive the audible output of the decrypted communication.

By the time the communication of the first user 101 a reaches the ear ofthe second user 101 b, the communication has only passed throughuntrusted hosts (that is, the first untrusted host device 110 a and thesecond untrusted host device 110 b) in an encrypted form. Hence, anuntrusted host device does not have access to the unencryptedcommunication, thus allowing the first user's communication to remainprivate. And, because the communication only passes through theuntrusted host devices in an encrypted form, the communication from thefirst user 101 a to the second user 101 b is far less vulnerable tounauthorized users that may attempt to eavesdrop or intercept thecommunication.

While the above embodiments describe a one-way communication from afirst user 101 a to a second user 101 b, those skilled in the art willappreciate—in view of the disclosure herein—that such processes can bereversed to complete a two-way communication. That is, the processesdescribed herein can be reversed to provide a secure communication fromthe second user 101 b to the first user 101 a. For example, the seconduser 101 b may desire to securely respond to the first communication ofthe first user 101 a by providing a second communication to the firstuser 101 a.

In such example two-way communication embodiments, the second user 101 bmay speak into a microphone that is connected to the second trustedcomputing device 130 b. The second trusted computing device 130 breceives the communication via the secure interface 137 b. Afterreceiving the communication, the isolated environment processor 135 ofthe second trusted computing device 130 b encrypts the secondcommunication and then transfers the encrypted communication to a readfile 134 of the second trusted computing device 130 b. In certainexample embodiments, the second trusted computing device 130 may requirea user input from the second user 101 b to authorize the encryptiontransmission to the second untrusted host device 110 b, as describedherein.

After the second untrusted host device 110 b receives the encryptedsecond communication from the read file of the second trusted computingdevice 130 b, the second untrusted host device 110 b transmits theencrypted communication to the first untrusted host device 110 a. Thefirst untrusted host device 110 a then transmits the encryptedcommunication to a write file 133 of the first trusted computing device130 a. The isolated environment processor 135 of the first trustedcomputing device 130 a decrypts the encrypted second communication, andthen provides the decrypted second communication to the first user 101a. For example, the first trusted computing device 130 a provides thedecrypted second communication as an audio output via a speaker that isconnected to the secure interface 137 a of the first trusted computingdevice 130 a. The speaker, for example, may be intergraded into aheadset of the first user 101 a, thus allowing the audio output to bedirectly provided to the ear of the first user 101 a.

In addition to the above methods, a user 101 can also use the trusteddevice 130 to securely manage host system event log entries. FIG. 10 isa block flow diagram depicting a method 1000 for secure event logmanagement, in accordance with certain example embodiments.

With reference to FIGS. 1-3, in block 1005 of FIG. 10, a trustedcomputing device receives a write-file entry from an untrusted hostdevice 110 via a host interface 132. That is, the untrusted host device110 transfers information to the write file 133 of the trusted computingdevice 130, and the trusted computing device 130receives the informationas a write-file entry into the write file 133 of the trusted computingdevice 130, such as described herein in block 410 of FIG. 4. Thetransmission occurs via the host interface 132 of the trusted computingdevice 130.

In certain example embodiments, the write-file entry relates to systemlog information of the host device 110. That is, the host device 110 maytransfer system log information of the host device 110 to the write file133 of the trusted computing device 130 as write-file entries. Thetrusted computing device 130 then receives the system log information ofthe host device 110 as a write-file entry into the write file 133 of thetrusted computing device 130. In such embodiments, the write-fileentries may relate to or include system events that the operating systemof the host device 110 may otherwise log. For example, the event logsmay relate to or contain information about device changes, devicedrivers, system changes, system operations, or other informationpertaining to the host computing system 110.

In certain example embodiments, the event logs may include application(program) events, with the events being classified as an error, awarning, or other information, depending on the severity of the event.An event log for an error, for example, may include a loss of data.Other event logs may relate to or include security-related events,including successful or failed audits or security breaches. Other eventlogs may relate to or include setup events or system events. Still otherevent logs may include forwarded events, such as events forwarded fromother devices associated with the host device 110.

In certain example embodiments, the host device 110 creates the logevents when a user 101 logs on to the host device 110, when a program orapplication on the host device 110 encounters an error, or when the hostdevice 110 detects a threat or intrusion. The host device 110 thentransfers the event log to the write file 130 of the trusted computingdevice 130, and the write file 133 of the trusted computing device 130receives the event log as a write-file entry.

In certain example embodiments, the trusted device 130 may manage andmaintain the system log for the host device 110. That is, the trusteddevice 130 operates as the event log system for the host device 110.Hence, all event logs that the host device 110 would otherwise manageand maintain, for example, may be transferred to the write file 133 aswrite-file entries. The write file receives the write-file entries, andthe trusted computing device 130 manages and maintains the system logfor and on behalf of the host device 110.

In certain example embodiments, the write-file entry may not relate tosystem log events of the host device 110, but rather requests related torestricted information stored on the trusted computing device 130. Forexample, the host device 110 may provide a request or command to thewrite file 133 of the trusted computing device 130 related to the user'sfinancial information, such as a request for a money transfer orwithdrawal, as described herein. The write file 133 receives the requestas a write-file entry. The trusted computing device 130 then records thereceived write-file entry as an event log. In other words, in certainexample embodiments, the trusted computing device 130 may keep andmanage an event log for all events received as a write-file entry,regardless of whether the host device 110 maintains or manages a systemlog on the host device 110 or relies on the trusted computing device 130to manage and maintain the system log on behalf of the host device 110.

In block 1010, the trusted computing device determines log dataassociated with the write-file entry. That is, the trusted computingdevice 130, such as via the isolated environment processor 135 of theisolated environment, retrieves the write file entry from the write file133. The isolated processor then determines information associated thewrite-file entry, such as the date of the event associated with thewrite file entry, the time of the event associated with the write-fileentry, or any other information associated with the write-file entry.For example, if the trusted computing device 130 manages and maintains asystem log for the host device 110, the isolated environment processor135 may determine the time that the write file 133 received thewrit-file entry for the access attempt (and hence the time of the accessattempt). The isolated environment processor 135 may also determine,such as by reading the content of the write-file entry for the failedaccess attempt, that the received write file entry relates to a failedaccess attempt, such as a failed access attempt of an unauthorized user.

In block 1015, the trusted computing device 130 establishes an event logentry based on determined log data. That is, after the trusted computingdevice 130 determines log data associated with the write-file entry, theisolated environment processor 135 creates an event log entry using thedetermined log data. For example, if the isolated environment processor135 determines that the host device 110 entered a failed access attemptevent as a write-file entry at 10:53:32 on Jan. 1, 2014 into the writefile 133, the isolated environment processor 135 creates an event longentry for the 10:53:32 write-file entry of Jan. 1, 2014. In certainexample embodiments, such as when the isolated environment processor 135of the trusted computing device 130 determines the content of thewrite-file entry, the isolated environment processor 135 may alsoassociate a description of the write-file content with the write-fileentry. For example, if the write-file entry relates to a failed accessattempt on the host device 110, the log event entry description mayindicate that the event relates to a failed access attempt at 10:53:32on Jan. 1, 2014.

In certain example embodiments, in addition to establishing the eventlog entry, the trusted computing device 130 may also process anywrite-file entry as described herein. That is, if a write-file entryrelates to restricted information recorded in the secure storage136—such as a money transfer or withdrawal request using the user'sstored financial account information—the trusted computing device 130may both process request as described herein, such as in blocks 405 to430 of FIG. 4, and establish an event log for the request. For example,the host device 110 provides a write-file entry request to transfermoney from a financial account of a user 101, the trusted device 130processes the write-file entry to generate an output for the request asdescribed in blocks 405 to 430 of FIG. 4. But additionally, in certainexample embodiments the trusted device 130 may establish an event logentry for the request.

In block 1020, the trusted computing device 130 records the event logentry in the secure storage 136. That is, after establishing the eventlog entry corresponding to the write-file entry, the isolatedenvironment processor 135 transmits the event log entry to the securestorage 136 of the isolated environment 138. The secure storage 136receives the event log entry, and records the event log entry in thesecure storage 136, such as in an event log file or database of thesecure storage. For example, if the event log entry includes a date,time, and/or an event description, the isolated environment processor135 of the trusted computing device 130 records the date, time, and/orevent description information for the event entry corresponding to thewrite-file entry in the secure storage 136. If the isolated environmentprocessor 135 establishes an event log entry, for example, that includesa date of Jan. 1, 2014, a time of 10:53:32, and a description indicatingthe event relates to a failed access attempt, the recorded event logentry may include a date of Jan. 1, 2014 at 10:53:32 and an indicationthat the event log entry relates to a failed access attempt on the hostdevice 110.

Because the isolated environment processor 135 of the trusted computingdevice 130 stores the event log entry in the secure storage 136 of theisolated processing environment 138, the host device 110 cannot directlyaccess the event log entry from the secure storage 136. For example, thestored event log entries become restricted information, inasmuch asfurther access to the event log entries is limited to authorized users.An unauthorized user of the host device 110, for example, cannot accessthe stored event entry in the secure storage 136, such as to alter,delete, or otherwise tamper with the event log entry. Instead, only anauthorized user 101 can access the event log entry as described herein,such as via a secure interface 137 or via the read file 134 of thetrusted computing device 130.

In certain example embodiments, the event log entry is an append-onlyentry. That is, the isolated environment processor 135 of trustedcomputing device 130 appends the event log entry to the end of otherentries in the event log file or database, without altering or deletingany of the preceding event log entries. For example, in append-onlyembodiments, the isolated processor 135 may record the date, time, anddescription of an event log entry immediately after a previouslyrecorded event log entry. As an append-only entry, the log entry cannotbe modified. In other words, an authorized user 101, or even a hostdevice 110 that the user 101 trusts, cannot change or alter the entryonce the processor records the event log entry in the secure storage. Incertain example embodiments, the isolated processor 135 records multipleappend-only entries, thus resulting in a log file or system event logthat is append-only. For example, when a new event log entry is added tothe secure storage 136 of the rusted device 130, the entirety of theevent logs stored in the secure storage 132—along with the new evententry—are available as described herein as a append-only system eventlog of log file. Hence, even authorized users 101 of the host device110, and/or a host device 110 that the user 101 trusts, cannot modify orotherwise edit (other than to append) the logged information stored inthe system event log or log file.

In certain example embodiments, the isolated environment processor 135may assign a unique, sequential log entry number each event log entry.By relying on a sequential log entry number, the ordering of event logentries in the secure storage 136 provides a relative indication oftime, as recently appended event log entries are more recent thanprevious event log entries. That is, a sequential log entry numberprovides a relative timestamp of the event entry because the time ofeach entry can measured relative to the times of other event entries. Byrelying on a sequential log entry number, the trusted device 130 can, incertain example embodiments, create an event log for several event logentries, such as a system event log, that is decoupled from a physicalclock.

FIG. 11 is a block flow diagram depicting parallel methods 1100 forcommunicating an event log entry to an authorized user 101, inaccordance with certain example embodiments. For example, the trusteddevice 130 communicates one or more event log entries from the securestorage 136 to a user 101 via the secure interface 137, such asdescribed in blocks 1105 to 1115 below. Additionally or alternatively,the trusted device 130 communicates one or more event log entries fromthe secure storage 136 to a user 101 via a host interface 132, such asdescribed in blocks 1120 to 1130 below. The user 101 then receives theone or more event log entries. For example, the user 101 may receive anentire system log or log file for multiple event log entries.

With reference to FIG. 11, in block 1105 of FIG. 10, the trustedcomputing device 130 receives a user request for an event log entry viaa secure interface 137 of the trusted computing device 130. For example,an authorized user 101 may connect the trusted device 130 to a trusted,second-party computing system 120 that can access isolated environment138 of the trusted computing device 130 via the secure interface 137.Using the second party computing system 120, for example, the authorizeduser 101 transmits a request to trusted device 130 via the secureinterface 137, such as a request to receive one or more event logentries. For example, the authorized user 101 may request access to anevent log entry file or system log containing multiple event logentries. The isolated environment processor 135 receives the request foraccess via the secure interface 137.

Because the host device 110 is isolated from the secure interface 137 asdescribed herein, the host device 110 is not otherwise aware of, nor canit influence, a request made through the secure interface 137. Forexample, the host device 110 cannot request a secured event log entry(or other restricted information) via the secure interface 137. Anauthorized user request via the secure interface 137 thus remains securefrom the untrusted host device 110.

In block 1110, the trusted device 130 retrieves the event log entry fromthe secure storage 136. For example, the isolated environment processor135 of the trusted computing device 130 reads the received request fromthe authorized user 101 requesting access to one or more of the eventlog entries. The isolated environment processor 135 then reads thesecure storage 136 for event log entries responsive to the authorizeduser's request. For example, if the authorized user 101 has requestedaccess to the entire event log file contents, such as a system log orlog file, the isolated environment processor 135 identifies the entireevent log file or system log and retrieves the entire event log file orsystem log for transmission to the authorized user 101 as describedherein.

In block 1115, the trusted computing device 130 transmits the event logentry to the user via the secure interface 137. That is, afteridentifying the one or more event log entries responsive to the userrequest for access to the event log entries, the isolated processor 135transmits the one or more retrieved event log entries to the authorizeduser 101 via the secure interface 137 of the trusted computing device.For example, if the authorized user 101 requests an entire log file orsystem log contents from the trusted device 130, the isolated processor135 transmits the entire log file or system log to the authorized user101 via the secure interface 137. The authorized user 101 then receivesthe one or more event log entries via the secure interface 137 asdescribed further herein.

In certain example embodiments, the trusted device 130 may request auser input to authorize the transmission of the one or more event logentries to the authorized user 101 via the secure interface, such asdescribed herein in blocks 605 to 630 of FIG. 6. For example, thetrusted device 130 may transmit a request for authorization to the user101, such as a blinking light, an audible communication, or othercommunication, as described herein. The authorized user 101 receives thetransmission from the trusted computing device 130, and provides a userinput into the trusteed computing device 130 via the secure interface137 of the trusted computing device 130, as described herein.

In certain example embodiments, the user input may include a securitycode that the user 101 inputs into the trusted computing device 130,such as by entering the code into the body of the trusted computingdevice 130 and/or via a wireless connection. For example, the authorizeduser 101 may transmit an encrypted code from a wireless key fob to thetrusted computing device 130 as described herein. The trusted computingdevice 130 then receives the encrypted code from the key fob, thusauthorizing the transmission of the one or more vent log entries to theauthorized user 101.

In block 1120, additionally or alternatively to the methods described inblocks 1005 to 1015 of FIG. 10, the trusted computing device 130receives a write-file entry from the host device 110 requesting therecorded event log entry. For example, the user 101 inputs a requestinto a user interface of the host device 110 requesting one or more logevent entries, such as a log file or system log. The host device 110then receives the user input requesting one or more log event entries,such as a log file or system log, and transmits the request as awrite-file entry via the host interface 132 to a write file 133 of thetrusted device 130. The write-file receives the transmission as awrite-file entry, such as described herein in block 415 of FIG. 4.

In block 1125, the trusted computing device 130 processes the receivedwrite-file entry. That is, the trusted device 130 responds to therequest for the one or event log entries received from the write file133, such as described in blocks 505 to 515 of FIG. 5. For example,based on the received write-file entry request, the trusted computingdevice 130 determines from the write-file entry that the write-fileentry relates to the stored event log entries. The trusted computingdevice 130 also identifies the one or more event log entries that areresponsive to the determined write-file entry. The trusted device 130then generates an output based on the identified event log entries thatis responsive to the write-file entry. For example, the isolatedenvironment processor 135 may generate a copy of append-only event logentries stored in the secure storage 136 as the output. And, in certainexample embodiments, the trusted computing device 130 secures theoutput, such as by encrypting the output for the requested event-logentries, such as described in block 520 of FIG. 5. For example, theisolated environment processor 135 may encrypt the responsive event logentries to generate a secure output that can be communicated via thenetwork 105 to a second host device 110 that can decrypt the encryptedevent log entries.

In block 1130, the trusted computing device 130 transmits one or moreevent log entries to the read file 134 of the trusted computing device130. That is, the isolated environment processor 135 of the trusteddevice 130 transfers the one or more requested event log entries (orcopies of the event log entries) to the read file 134 of the trusteddevice 130, such as described in block 425 of FIG. 4. The read file 134of the trusted device 130 then receives the requested event log entries,thus making the event log entries available to the host device 110connected to the trusted device 130. In certain example embodiments,such as discussed herein with reference to FIG. 6, the trusted device130 optionally receives a secure authorization from the user 101 beforetransmitting the event log entries to the read file 134 of the trusteddevice 130. For example, a user 101 may provide a user input to thetrusted device 130 via a secure interface, thus authorizing processingof the write-file entry and/or transmission of the event log entries tothe read file 134 of the trusted device 130.

In block 1135, after the trusted device 130 either transmits therequested event log entries to the authorized user 101 via the secureinterface 137 or via the read file 134 of the trusted device 130, theuser 101 receives the requested event log entries. For example, the user101 may receive the event log entries directly via the secure interface137, such as via a transferred event log file or system log from thetrusted computing device 130. Additionally or alternatively, if thetrusted computing device 130 transmits the event log entries to the readfile 134 of the trusted device 130, the host device 110 receives theevent log entries, such as described in block 430 of FIG. 4. The hostdevice 110 then provides the event log entries to the user 101, such asvia a user interface associated with the host device 110. The user 101then receives the event log entries.

In certain example embodiments, the user 101 may optionally verify theauthenticity of one or more log events that the user 101 receives viathe host interface 132. For example, even though the isolated processor135 may provide the log event entries to the read file 134 from theappend-only log event entries stored in the secure storage 136, acompromised host device 110 may attempt to misrepresent the log evententries received from the read file 134. To detect or identify suchmisrepresentations, an authorized user 101 can compare one or more eventlog entries received via the read file 134 of the host interface 132 toone or more event log entries received via the secure interface 137.Because the secure interface 137 is inaccessible to the host device 110,any discrepancies identified based on the comparison provide anindication that the host device 110 is compromised. For example, if oneor more log entry events are present on a log file received via thesecure interface but are missing from a log file received via the hostinterface 132, the authorized user 101 may determine that the hostdevice 110 is compromised based on the missing log event entries. Anyother deletions, additions, or alterations of the log file received viathe host interface 132—as compared to the log file received from thesecure interface 137 may similarly provide an indication that the hostdevice 110 is compromised.

In certain example embodiments, the user 101 may remove the trusteddevice 130 from the host device 110 and insert the trusted device 130into a second host device 110 that the user 101 trusts. For example, ifthe user 101 suspects that the first host device 110 may be compromised,the user 101 may remove the trusted computing device 130 from the firsthost device 110 that has been using the trusted computing device 130 asa system log as describe herein. Hence, the trusted device 130 contains,in the secure storage 136 of the trusted device 130, one or more eventlog entries for the first host device 110. The user 101 can then accessthe event log entries of the first host device 110 by requesting—via thesecond host device 110 and the host interface 132—access to the eventlog entries, as described herein. For example, the trusted device 130generates a secure output to the read file 134 of the trusted device 130that is responsive to the request, and the second host device receivesthe read-file entry from the read file 134 as described herein.

By securing event log entries in the secure storage 136 of a trustedcomputing device, the trusted device 130 protects the event log entriesfrom tampering from an unauthorized user 101, such as an attacker. Forexample, an unauthorized user 101 attempting to maliciously access thehost device 110 cannot cover his or her tracks if the event log—whichcan record access attempts as append-only event log entries—securelystores the access attempt as an event log entry in the secure storage136. In other words, the unauthorized user cannot access the event log,such as to alter or delete event log data associated with append-onlyevent log entries of the secure storage 136. Instead, only an authorizeduser 101 can access the event log entries, but cannot alter or changethe append-only event log entries. And, by accessing and reading thesecure event log, the user 101 can determine if unauthorized attempts toaccess the host device 110 have occurred. For example, the authorizeduser 101 can determine, based on reading the requested event logentries, the date and time of the access attempts of the unauthorizeduser 101. An authorized user 101 can also determine if a host device 110is compromised, such as comparing log files received from via the hostinterface 132 with log files received via the secure interface 137.

As those skilled in the art will appreciate based on the disclosureprovided herein, the methods, systems, and devices described herein canbe used and configured for overlapping and interrelated purposes. Forexample, a user 101 may configure the trusted computing device 130 torecord a secure event log entry for every write-file entry that thewrite file 133 of a trusted computing device receives, such allwrite-file entries related to request for restricted information. Insuch example embodiments, an authorized user 101 by reviewing and/orcomparing received event log entries—can determine the types ofrestricted information the host device 110 has been seeking. In otherexample embodiments, such as during two-way communications between twohost computing devices 110, a user 101 may configure one or both of thetrusted computing devices 130 a and 130 b to keep a secure event logentry for every received communication. An authorized user can thenlater access the event log entries for the communications as describedherein.

Other Example Embodiments

FIG. 12 depicts a computing machine 2000 and a module 2050 in accordancewith certain example embodiments. The computing machine 2000 maycorrespond to any of the various computers, servers, mobile devices,embedded systems, or computing systems presented herein. The module 2050may comprise one or more hardware or software elements configured tofacilitate the computing machine 2000 in performing the various methodsand processing functions presented herein. The computing machine 2000may include various internal or attached components such as a processor2010, system bus 2020, system memory 2030, storage media 2040,input/output interface 2060, and a network interface 2070 forcommunicating with a network 2080.

The computing machine 2000 may be implemented as a conventional computersystem, an embedded controller, a laptop, a server, a mobile device, asmartphonc, a set-top box, a kiosk, a vehicular information system, onemore processors associated with a television, a customized machine, anyother hardware platform, or any combination or multiplicity thereof. Thecomputing machine 2000 may be a distributed system configured tofunction using multiple computing machines interconnected via a datanetwork or bus system.

The processor 2010 may be configured to execute code or instructions toperform the operations and functionality described herein, managerequest flow and address mappings, and to perform calculations andgenerate commands. The processor 2010 may be configured to monitor andcontrol the operation of the components in the computing machine 2000.The processor 2010 may be a general purpose processor, a processor core,a multiprocessor, a reconfigurable processor, a microcontroller, adigital signal processor (“DSP”), an application specific integratedcircuit (“ASIC”), a graphics processing unit (“GPU”), a fieldprogrammable gate array (“FPGA”), a programmable logic device (“PLD”), acontroller, a state machine, gated logic, discrete hardware components,any other processing unit, or any combination or multiplicity thereof.The processor 2010 may be a single processing unit, multiple processingunits, a single processing core, multiple processing cores, specialpurpose processing cores, co-processors, or any combination thereof.According to certain embodiments, the processor 2010 along with othercomponents of the computing machine 2000 may be a virtualized computingmachine executing within one or more other computing machines.

The system memory 2030 may include non-volatile memories such asread-only memory (“ROM”), programmable read-only memory (“PROM”),erasable programmable read-only memory (“EPROM”), flash memory, or anyother device capable of storing program instructions or data with orwithout applied power. The system memory 2030 may also include volatilememories such as random access memory (“RAM”), static random accessmemory (“SRAM”), dynamic random access memory (“DRAM”), and synchronousdynamic random access memory (“SDRAM”). Other types of RAM also may beused to implement the system memory 2030. The system memory 2030 may beimplemented using a single memory module or multiple memory modules.While the system memory 2030 is depicted as being part of the computingmachine 2000, one skilled in the art will recognize that the systemmemory 2030 may be separate from the computing machine 2000 withoutdeparting from the scope of the subject technology. It should also beappreciated that the system memory 2030 may include, or operate inconjunction with, a non-volatile storage device such as the storagemedia 2040.

The storage media 2040 may include a hard disk, a floppy disk, a compactdisc read only memory (“CD-ROM”), a digital versatile disc (“DVD”), aBlu-ray disc, a magnetic tape, a flash memory, other non-volatile memorydevice, a solid state drive (“SSD”), any magnetic storage device, anyoptical storage device, any electrical storage device, any semiconductorstorage device, any physical-based storage device, any other datastorage device, or any combination or multiplicity thereof. The storagemedia 2040 may store one or more operating systems, application programsand program modules such as module 2050, data, or any other information.The storage media 2040 may be part of, or connected to, the computingmachine 2000. The storage media 2040 may also be part of one or moreother computing machines that are in communication with the computingmachine 2000 such as servers, database servers, cloud storage, networkattached storage, and so forth.

The module 2050 may comprise one or more hardware or software elementsconfigured to facilitate the computing machine 2000 with performing thevarious methods and processing functions presented herein. The module2050 may include one or more sequences of instructions stored assoftware or firmware in association with the system memory 2030, thestorage media 2040, or both. The storage media 2040 may thereforerepresent examples of machine or computer readable media on whichinstructions or code may be stored for execution by the processor 2010.Machine or computer readable media may generally refer to any medium ormedia used to provide instructions to the processor 2010. Such machineor computer readable media associated with the module 2050 may comprisea computer software product. It should be appreciated that a computersoftware product comprising the module 2050 may also be associated withone or more processes or methods for delivering the module 2050 to thecomputing machine 2000 via the network 2080, any signal-bearing medium,or any other communication or delivery technology. The module 2050 mayalso comprise hardware circuits or information for configuring hardwarecircuits such as microcode or configuration information for an FPGA orother PLD.

The input/output (“I/O”) interface 2060 may be configured to couple toone or more external devices, to receive data from the one or moreexternal devices, and to send data to the one or more external devices.Such external devices along with the various internal devices may alsobe known as peripheral devices. The I/O interface 2060 may include bothelectrical and physical connections for operably coupling the variousperipheral devices to the computing machine 2000 or the processor 2010.The I/O interface 2060 may be configured to communicate data, addresses,and control signals between the peripheral devices, the computingmachine 2000, or the processor 2010. The I/O interface 2060 may beconfigured to implement any standard interface, such as small computersystem interface (“SCSI”), serial-attached SCSI (“SAS”), fiber channel,peripheral component interconnect (“PCI”), PCI express (PCIe), serialbus, parallel bus, advanced technology attached (“ATA”), serial ATA(“SATA”), universal serial bus (“USB”), Thunderbolt, FireWire, variousvideo buses, and the like. The I/O interface 2060 may be configured toimplement only one interface or bus technology. Alternatively, the I/Ointerface 2060 may be configured to implement multiple interfaces or bustechnologies. The I/O interface 2060 may be configured as part of, allof, or to operate in conjunction with, the system bus 2020. The I/Ointerface 2060 may include one or more buffers for bufferingtransmissions between one or more external devices, internal devices,the computing machine 2000, or the processor 2010.

The I/O interface 2060 may couple the computing machine 2000 to variousinput devices including mice, touch-screens, scanners, electronicdigitizers, sensors, receivers, touchpads, trackballs, cameras,microphones, keyboards, any other pointing devices, or any combinationsthereof. The I/O interface 2060 may couple the computing machine 2000 tovarious output devices including video displays, speakers, printers,projectors, tactile feedback devices, automation control, roboticcomponents, actuators, motors, fans, solenoids, valves, pumps,transmitters, signal emitters, lights, and so forth.

The computing machine 2000 may operate in a networked environment usinglogical connections through the network interface 2070 to one or moreother systems or computing machines across the network 2080. The network2080 may include wide area networks (WAN), local area networks (LAN),intranets, the Internet, wireless access networks, wired networks,mobile networks, telephone networks, optical networks, or combinationsthereof. The network 2080 may be packet switched, circuit switched, ofany topology, and may use any communication protocol. Communicationlinks within the network 2080 may involve various digital or an analogcommunication media such as fiber optic cables, free-space optics,waveguides, electrical conductors, wireless links, antennas,radio-frequency communications, and so forth.

The processor 2010 may be connected to the other elements of thecomputing machine 2000 or the various peripherals discussed hereinthrough the system bus 2020. It should be appreciated that the systembus 2020 may be within the processor 2010, outside the processor 2010,or both. According to some embodiments, any of the processor 2010, theother elements of the computing machine 2000, or the various peripheralsdiscussed herein may be integrated into a single device such as a systemon chip (“SOC”), system on package (“SOP”), or ASIC device.

In situations in which the systems discussed here collect personalinformation about users, or may make use of personal information, theusers may be provided with an opportunity or option to control whetherprograms or features collect user information (e.g., information about auser's social network, social actions or activities, profession, auser's preferences, or a user's current location), or to control whetherand/or how to receive content from the content server that may be morerelevant to the user. In addition, certain data may be treated in one ormore ways before it is stored or used, so that personally identifiableinformation is removed. For example, a user's identity may be treated sothat no personally identifiable information can be determined for theuser, or a user's geographic location may be generalized where locationinformation is obtained (such as to a city, ZIP code, or state level),so that a particular location of a user cannot be determined. Thus, theuser may have control over how information is collected about the userand used by a content server.

Embodiments may comprise a computer program that embodies the functionsdescribed and illustrated herein, wherein the computer program isimplemented in a computer system that comprises instructions stored in amachine-readable medium and a processor that executes the instructions.However, it should be apparent that there could be many different waysof implementing embodiments in computer programming, and the embodimentsshould not be construed as limited to any one set of computer programinstructions. Further, a skilled programmer would be able to write sucha computer program to implement an embodiment of the disclosedembodiments based on the appended flow charts and associated descriptionin the application text. Therefore, disclosure of a particular set ofprogram code instructions is not considered necessary for an adequateunderstanding of how to make and use embodiments. Further, those skilledin the art will appreciate that one or more aspects of embodimentsdescribed herein may be performed by hardware, software, or acombination thereof, as may be embodied in one or more computingsystems. Moreover, any reference to an act being performed by a computershould not be construed as being performed by a single computer as morethan one computer may perform the act.

The example embodiments described herein can be used with computerhardware and software that perform the methods and processing functionsdescribed previously. The systems, methods, and procedures describedherein can be embodied in a programmable computer, computer-executablesoftware, or digital circuitry. The software can be stored oncomputer-readable media. For example, computer-readable media caninclude a floppy disk, RAM, ROM, hard disk, removable media, flashmemory, memory stick, optical media, magneto-optical media, CD-ROM, etc.Digital circuitry can include integrated circuits, gate arrays, buildingblock logic, field programmable gate arrays (FPGA), etc.

The example systems, methods, and acts described in the embodimentspresented previously are illustrative, and, in alternative embodiments,certain acts can be performed in a different order, in parallel with oneanother, omitted entirely, and/or combined between different exampleembodiments, and/or certain additional acts can be performed, withoutdeparting from the scope and spirit of various embodiments. Accordingly,such alternative embodiments are included in the scope of the followingclaims, which are to be accorded the broadest interpretation so as toencompass such alternate embodiments.

Although specific embodiments have been described above in detail, thedescription is merely for purposes of illustration. It should beappreciated, therefore, that many aspects described above are notintended as required or essential elements unless explicitly statedotherwise. Modifications of, and equivalent components or actscorresponding to, the disclosed aspects of the example embodiments, inaddition to those described above, can be made by a person of ordinaryskill in the art, having the benefit of the present disclosure, withoutdeparting from the spirit and scope of embodiments defined in thefollowing claims, the scope of which is to be accorded the broadestinterpretation so as to encompass such modifications and equivalentstructures.

What is claimed is:
 1. A computer-implemented method of secure hostinteraction within a trusted computing device, the method comprising:receiving, from a trusted source via a secure interface of the trustedcomputing device, a set of restricted information; storing the set ofrestricted information in secure storage within an isolated environmentof the trusted computing device; receiving, from a host device via ahost interface of the trusted computing device, a write-file entry for awrite file of the trusted computing device; determining at least aportion of the set of restricted information that is responsive to thewrite-file entry; generating an output based on at least the portion ofthe set of restricted information; and availing the output in a readfile of the trusted computing device, wherein the host device accessesthe output from the read file via the host interface.
 2. Thecomputer-implemented method of claim 1, further comprising: storing thewrite-file entry in the write file of the trusted computing device. 3.The computer-implemented method of claim 1, wherein receiving thewrite-file entry for the write file of the trusted computing devicecomprises: receiving an executable command for the write file of thetrusted computing device.
 4. The computer-implemented method of claim 3,wherein determining at least the portion of the set of restrictedinformation that is responsive to the write-file entry comprises:determining at least the portion of the set of restricted informationthat includes information relevant to the executable command.
 5. Thecomputer-implemented method of claim 3, wherein generating the outputbased on at least the portion of the set of restricted informationcomprises: generating the output based on at least the portion of theset of restricted information, the output for use by the host device toinitiate the executable command.
 6. The computer-implemented method ofclaim 1, wherein availing the output in the read file of the trustedcomputing device comprises: generating a secure output by encrypting theoutput; and storing the secure output in the read file for access by thehost device via the host interface.
 7. The computer-implemented methodof claim 1, wherein receiving the set of restricted informationcomprises: receiving, from the trusted source via the secure interfaceof the trusted computing device, the set of restricted informationduring manufacture of the trusted computing device.
 8. A trustedcomputing device comprising: a secure interface for connecting to atrusted source; a host interface for connecting to a host device; a filesystem partition comprising a write file and a read file; and anisolated environment comprising: secure storage; an isolated processorinterfaced with the secure storage and configured to: receive, from thetrusted source via the secure interface, a set of restrictedinformation, cause the secure storage to store the set of restrictedinformation, receive, from the host device via the host interface, awrite-file entry for the write file of the file system partition,determine at least a portion of the set of restricted information thatis responsive to the write-file entry, generate an output based on atleast the portion of the set of restricted information, and cause theread file of the file system partition to store the output, wherein thehost device accesses the output from the read file via the hostinterface.
 9. The trusted computing device of claim 8, where theisolated processor is further configured to: cause the write file of thefile system partition to store the write-file entry.
 10. The trustedcomputing device of claim 8, wherein to receive the write-file entry forthe write file of the file system partition, the isolated processor isconfigured to: receive an executable command for the write file of thefile system partition.
 11. The trusted computing device of claim 10,wherein to determine at least the portion of the set of restrictedinformation that is responsive to the write-file entry, the isolatedprocessor is configured to: determine at least the portion of the set ofrestricted information that includes information relevant to theexecutable command.
 12. The trusted computing device of claim 10,wherein to generate the output based on at least the portion of the setof restricted information, the isolated processor is configured to:generate the output based on at least the portion of the set ofrestricted information, the output for use by the host device toinitiate the executable command.
 13. The trusted computing device ofclaim 8, wherein the isolated processor is further configured to:generate a secure output by encrypting the output, wherein the read fileof the file system partition stores the secure output for access by thehost device via the host interface.
 14. The trusted computing device ofclaim 8, wherein to receive the set of restricted information, theisolated processor is configured to: receive, from the trusted sourcevia the secure interface of the trusted computing device, the set ofrestricted information during manufacture of the trusted computingdevice.
 15. A non-transitory computer-readable medium containingcomputer executable instructions that, when executed by a processor,cause the processor to perform a method for secure host interactionwithin a trusted computing device, the method comprising: receiving,from a trusted source via a secure interface of the trusted computingdevice, a set of restricted information; storing the set of restrictedinformation in secure storage within an isolated environment of thetrusted computing device; receiving, from a host device via a hostinterface of the trusted computing device, a write-file entry for awrite file of the trusted computing device; determining at least aportion of the set of restricted information that is responsive to thewrite-file entry; generating an output based on at least the portion ofthe set of restricted information; and availing the output in a readfile of the trusted computing device, wherein the host device accessesthe output from the read file via the host interface.
 16. Thenon-transitory computer-readable medium of claim 15, wherein the methodfurther comprises: storing the write-file entry in the write file of thetrusted computing device.
 17. The non-transitory computer-readablemedium of claim 15, wherein receiving the write-file entry for the writefile of the trusted computing device comprises: receiving an executablecommand for the write file of the trusted computing device.
 18. Thenon-transitory computer-readable medium of claim 17, wherein determiningat least the portion of the set of restricted information that isresponsive to the write-file entry comprises: determining at least theportion of the set of restricted information that includes informationrelevant to the executable command.
 19. The non-transitorycomputer-readable medium of claim 17, wherein generating the outputbased on at least the portion of the set of restricted informationcomprises: generating the output based on at least the portion of theset of restricted information, the output for use by the host device toinitiate the executable command.
 20. The non-transitorycomputer-readable medium of claim 15, wherein availing the output in theread file of the trusted computing device comprises: generating a secureoutput by encrypting the output; and storing the secure output in theread file for access by the host device via the host interface.